Securing a contact form script

Submitted by 拥有回忆 on 2019-12-02 11:11:01

You can use a function to validate the entries such as :

    function check_input($data)
    {
        $data = trim($data);            // drop surrounding whitespace
        $data = stripslashes($data);    // only needed when magic_quotes_gpc is on (removed in PHP 5.4)
        $data = htmlspecialchars($data);// escape <, >, &, " so the value is safe to echo into HTML
        return $data;
    }

And

    $name     = check_input($_POST['name']);
    $email    = check_input($_POST['email']);
    $phone    = check_input($_POST['phone']);
    $subject  = check_input($_POST['subject']);
    $comments = check_input($_POST['comments']);

And

    if ($name && $email && $phone && $subject && $comments) {
        // all fields are non-empty: send the contact form here (e.g. with mail())
    }

And of course you can add a captcha to make it more secure.

There is nothing insecure in your code really besides the lack of data validation. You just collect form data and send it out, so the only 'insecurity' is that you would be easily spammed through that form unless some sort of captcha is used. I am not sure at the moment, but it may be possible to trick mail() into adding more recipients with a crafted $subject, so it would be safe to ensure it's a one-liner and strip any CRLFs.
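The CRLF concern raised above is the classic e-mail header injection: every argument of mail() that ends up in a header line (subject, From, Reply-To, anything in the additional-headers string) is separated from the next header by a line break, so a value containing "\r\n" can smuggle in extra lines such as "Bcc: ...". The following is an added example, not code from either answer, showing one way to validate the same five form fields so that header fields are rejected outright when they contain CR, LF or NUL. The field names follow the original post; the recipient and sender addresses (CONTACT_TO, noreply@example.com) and the length limits are assumptions.

```php
<?php
// Added example (not from the original answers): hardened handling of the
// contact form fields before they are handed to mail().
declare(strict_types=1);

const CONTACT_TO   = 'contact@example.com';  // assumption: your inbox
const CONTACT_FROM = 'noreply@example.com';  // assumption: a fixed local sender

// Fetch a form field as a string; an array (name[]=...) or a missing key is ''.
function str_field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
}

// For values that will be placed in a header line: reject, rather than silently
// fix, anything that could terminate the header (CR, LF, NUL).
function header_safe(string $value, int $maxLen): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return preg_match('/[\r\n\0]/', $value) ? null : $value;
}

function valid_email(string $value): ?string
{
    $value = trim($value);
    // FILTER_VALIDATE_EMAIL refuses line breaks, so the address cannot carry headers.
    return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? null : $value;
}

function valid_phone(string $value): ?string
{
    $value = trim($value);
    // digits, spaces, +, -, ( ) only; 7 to 20 characters (assumed policy)
    return preg_match('/^[0-9+\-() ]{7,20}$/', $value) ? $value : null;
}

// Returns the pieces for mail(), or null if any field fails validation.
function build_message(array $post): ?array
{
    $name     = header_safe(str_field($post, 'name'), 100);
    $email    = valid_email(str_field($post, 'email'));
    $phone    = valid_phone(str_field($post, 'phone'));
    $subject  = header_safe(str_field($post, 'subject'), 150);
    $comments = trim(str_field($post, 'comments'));   // body text: newlines allowed

    if ($name === null || $email === null || $phone === null || $subject === null
        || $comments === '' || strlen($comments) > 5000) {
        return null;
    }

    // The visitor's address goes in Reply-To; From stays a fixed local address.
    $headers = [
        'From: Website contact form <' . CONTACT_FROM . '>',
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ];
    $body = "Name: $name\nE-mail: $email\nPhone: $phone\n\n$comments\n";

    return [
        'to'      => CONTACT_TO,
        'subject' => '[Contact] ' . $subject,
        'body'    => $body,
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed input: a subject carrying an injected Bcc header.
$attack = [
    'name'     => 'Mallory',
    'email'    => 'mallory@example.net',
    'phone'    => '+1 555 0100',
    'subject'  => "Hello\r\nBcc: victim@example.org",
    'comments' => 'spam',
];
if (build_message($attack) === null) {
    echo "injection attempt rejected\n";
}

// The same submission with a clean subject passes and can be sent.
$good = $attack;
$good['subject'] = 'Hello';
$msg = build_message($good);
if ($msg !== null) {
    // mail() returns true if the message was accepted for delivery.
    // mail($msg['to'], $msg['subject'], $msg['body'], $msg['headers']);
}
```

Note that htmlspecialchars() belongs at the point where a value is echoed back into an HTML page, not in the e-mail path: escaping the comments before mailing them only garbles the text the recipient reads and does nothing against header injection. Rejecting line breaks in header fields, and validating the address with filter_var(), is what closes that hole; a captcha or rate limit still has to deal with plain spam.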
