Email Forms _Processing Securely

Plaz
Forum Newbie
Posts: 1
Joined: Mon May 01, 2006 12:15 pm

Post by Plaz »

Currently I have a site that has a form handler that will process any form I send to it (even from other domains).

What is the easiest way to secure this form handler so that it cannot be exploited by spammers?

I need it to stay simple so that it can process any forms from my site (rather than having a specific form handler for each form).

What is the best way to do this?

Can it be done without form-field validation?

Is there a simple bit of reliable code that will only allow forms from my domain to be processed by the form handler?

Thanks in advance for any input on this.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Standardize any fields that affect the headers used in the email to use the same names and formats; everything else can pretty much be dumped into the body of the email as-is with little to no validation (some basic sanity checks).
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Although not perfect, I like to give each form a unique token in a session var and in a hidden field. On submit you just check to make sure the two match. That'll help cut down on spam. A better way is to use a CAPTCHA or have the user click on a link in their email.
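
The two suggestions in this thread combined into one generic handler, as an added example that is not code from any poster: a per-session token that only forms served by your own site can carry, plus standardized header fields that reject CR/LF. The field names (`form_token`, `email`, `subject`), the addresses and the PHP 7.1+ syntax are assumptions.

```php
<?php
// Assumed field names: form_token, email, subject. Addresses are placeholders.
session_start();
const MAIL_TO   = 'webmaster@example.com';   // fixed recipient, never from POST
const MAIL_FROM = 'forms@example.com';

// Form pages call this and put the value in a hidden "form_token" field.
function form_token(): string {
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Header-bound values must be single-line: CR/LF would start a new header.
function header_safe(string $value, int $max = 200): ?string {
    if (preg_match('/[\r\n\0]/', $value) || strlen($value) > $max) {
        return null;
    }
    return trim($value);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['form_token'] ?? '';
    if (!is_string($sent) || empty($_SESSION['form_token'])
        || !hash_equals($_SESSION['form_token'], $sent)) {
        http_response_code(403);
        exit('Invalid form token');
    }
    unset($_SESSION['form_token']);           // one submission per token

    $email   = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $raw     = $_POST['subject'] ?? 'Website form';
    $subject = is_string($raw) ? header_safe($raw) : null;
    if ($email === false || header_safe($email) === null || $subject === null) {
        http_response_code(400);
        exit('Invalid email or subject');
    }
    // Everything else goes into the body as-is, one "name: value" per line.
    $body = '';
    foreach ($_POST as $name => $value) {
        if (in_array($name, ['form_token', 'email', 'subject'], true)) continue;
        $body .= $name . ': ' . (is_scalar($value) ? $value : json_encode($value)) . "\n";
    }
    $headers = 'From: ' . MAIL_FROM . "\r\nReply-To: " . $email;
    mail(MAIL_TO, $subject, $body, $headers);
}
```

Because the recipient and `From` address are constants and only the validated `email` and `subject` reach the headers, any other posted field can be arbitrary text without changing who the message is sent to.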