Tycoon Talk
PHP Forum
How do I make this contact form secure?
Old 11-17-2009, 03:38 PM How do I make this contact form secure?
Hi, I've heard that it is important to make a contact form secure to avoid spam attacks etc but have no clue how to do it really. Have found some quite old tutorials but think they may be out of date. It took me long enough to get the contact form working so I don't know where to start with making it secure. Are there any simple lines of code that I can add to make it more secure from attacks?

My code is below. Any help much appreciated.


Code:
<br/>
<h3>Email the site</h3>
<p>If you have any comments or questions about the site then please feel free to send me an email. </p>
<form method="POST" action="mailer.php">
  Name: <br><input type="text" name="name" size="19"><br> <br>
  Email:<br> <input type="text" name="email" size="19"><br> <br>
  Your Comments: <br> <textarea rows="14" name="message" cols="50"></textarea> <br> <br>
  <input type="submit" value="Submit" name="submit">
</form>
mailer.php:


Code:
<?php
if(isset($_POST['submit'])) {
    $to = "myemail.com";
    $subject = "Feedback";
    $name_field = $_POST['name'];
    $email_field = $_POST['email'];
    $message = $_POST['message'];
    $body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";
    echo "Data has been submitted to $to!";
    mail($to, $subject, $body);
}
else { echo "blarg!"; }
?>

Last edited by gh05; 11-17-2009 at 03:42 PM.
Old 11-17-2009, 04:18 PM Re: How do I make this contact form secure?
NullPointer (Matt)
You may want to use strip_tags on $message. You can also use a session variable to ensure that a user cannot submit multiple times within a certain period of time:
PHP Code:
<?php
session_start(); // required before $_SESSION can be read or written

$interval = 60; // 60 seconds
$send = true;

// Block the send if this session submitted less than $interval seconds ago
if(isset($_SESSION['last_submit']) && (time() - $_SESSION['last_submit']) < $interval)
{
    $send = false;
}

if($send)
{
    if(isset($_POST['submit'])) {
        $to = "myemail.com";
        $subject = "Feedback";
        $name_field = $_POST['name'];
        $email_field = $_POST['email'];
        $message = strip_tags($_POST['message']); // remove HTML tags from the message
        $body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";
        echo "Data has been submitted to $to!";
        mail($to, $subject, $body);
        $_SESSION['last_submit'] = time(); // record this send so the next one is throttled
    }
    else
        echo "blarg!";
}
?>

Also you may want to verify that the email address field is not blank and properly formatted.
Last edited by NullPointer; 11-17-2009 at 04:20 PM..
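As an added example (not code from this thread), here is gh05's mailer.php rewritten to apply the three points in the reply above: strip_tags on the message, a per-session throttle that records every send, and a check that the email address is present and well-formed (filter_var with FILTER_VALIDATE_EMAIL). The recipient address and the 60-second interval are assumptions.

```php
<?php
session_start();
$to       = "you@example.com"; // placeholder recipient address (assumed)
$subject  = "Feedback";
$interval = 60;                // assumed minimum seconds between sends per session

// Returns [errors, fields]; an empty errors array means the input is acceptable.
function validate_submission(array $post): array
{
    $errors  = [];
    $name    = trim($post['name'] ?? '');
    $email   = trim($post['email'] ?? '');
    $message = trim(strip_tags($post['message'] ?? '')); // drop HTML from the body

    if ($name === '') {
        $errors[] = 'Name is required.';
    }
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required.';
    }
    if ($message === '') {
        $errors[] = 'Message is required.';
    }
    return [$errors, ['name' => $name, 'email' => $email, 'message' => $message]];
}

if (!isset($_POST['submit'])) {
    echo "Nothing submitted.";
    exit;
}

// Throttle: refuse if this session sent a message less than $interval seconds ago.
if (isset($_SESSION['last_submit']) && (time() - $_SESSION['last_submit']) < $interval) {
    echo "Please wait before sending another message.";
    exit;
}

[$errors, $f] = validate_submission($_POST);
if ($errors) {
    echo implode(' ', $errors); // report the problems and do not send
    exit;
}

$body = "From: {$f['name']}\nE-Mail: {$f['email']}\nMessage:\n{$f['message']}";
if (mail($to, $subject, $body)) {
    $_SESSION['last_submit'] = time(); // record the send so the next one is throttled
    echo "Data has been submitted.";
} else {
    echo "Sending failed.";
}
```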
Old 11-18-2009, 08:52 AM Re: How do I make this contact form secure?
Many Thanks for that.

Can you tell me, does this protect from sql injection attacks at all?

Cheers.
gh05
Old 11-18-2009, 10:51 AM Re: How do I make this contact form secure?
mgraphic (Keith Marshall)
Quote: Originally Posted by gh05
Many Thanks for that.

Can you tell me, does this protect from sql injection attacks at all?

Cheers.
If you are not creating an SQL query with data submitted by GPC (get, post, cookie), then there is no worry of SQL injection.