PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
EDIT: This is the new file with the below suggestions implemented. The host of the site still believes this is unsafe. Sorry for being a pain, but is there anything else I can do to make it more secure? You don't have to type out the code if you don't want to, just some keywords would be fine so I can look it up.
Also, the process is on a separate page to the form, if that matters (security wise).
if ($email == "" && $phone == "") { $error .= "<b>You need to enter a contact method so that we can contact you.<BR />"; }
if ( preg_match("/[\r\n\"\\\\<>]/", $name) ) $error .= "<div>invalid character in parameter 'name'</div>\n";
if ( preg_match("/[\r\n\"\\\\<>]/", $email) ) $error .= "<div>invalid character in parameter 'email'</div>\n";
if ($error == "") {
The host of the site still believes this is unsafe.
Rather than taking wild stabs in the dark at what might make it more secure, why not ask the host why they think it's not secure? Then you'll have an actual problem that you can address.
An issue I see clients usually have with the "security" of their form is spam. Spammers use forms to spam people using other's bandwidth so firstly, you validate headers to stop spammers from using your client's bandwidth to spam others, and validate any text they send to ensure that there is no HTML inserted. This stops spammers from spamming your client's email.
And explain to them what you've prevented. If you sound like you know what your doing, they assume that you do.