In making my first website, I've set up a simple form to mail php script, but as this is the first time ive done anything like this ive botched together what i think will work but i would be grateful if anyone can look at the security of this script to see if it is sufficient to stop people hacking the mail list?
The security portion of the script is shown below:
function spamcheck($email)
{ $email=filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($email, FILTER_VALIDATE_EMAIL)); { return TRUE; }
else { return FALSE;} }
if (!isset($_REQUEST['email']))
$mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck=FALSE)
{
header( "Location: http://www.strathconaguernsey.co.uk/contact_us.html" );
}
else
if (empty($email) || empty($message)) {
header( "Location: http://www.strathconaguernsey.co.uk/error.html" );
}
else
{ mail....}
Thanks in advance to anyone who can look at this!
1st script: Form to mail code security
Moderator: General Moderators
-
Garth_9145
- Forum Newbie
- Posts: 2
- Joined: Wed Feb 04, 2009 6:06 pm
Re: 1st script: Form to mail code security
Please use [ code = php ] tags when posting code. You may modify your existing post and most likely get more responses.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: 1st script: Form to mail code security
You should remove the semicolon from the IF condition.
-
Garth_9145
- Forum Newbie
- Posts: 2
- Joined: Wed Feb 04, 2009 6:06 pm
Re: 1st script: Form to mail code security
yeah sorry its php code, and semi colon removed. thanks guys, otherwise is it ok?
Code: Select all
<?php
function spamcheck($email)
{ $email=filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($email, FILTER_VALIDATE_EMAIL)) { return TRUE; }
else { return FALSE;} }
if (!isset($_REQUEST['email']))
$mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck=FALSE)
{
header( "Location: http://www.strathconaguernsey.co.uk/contact_us.html" );
}
else
if (empty($email) || empty($message)) {
header( "Location: http://www.strathconaguernsey.co.uk/error.html" );
}
else
{ mail....}
?>
Last edited by Garth_9145 on Thu Feb 05, 2009 3:52 pm, edited 1 time in total.
Re: 1st script: Form to mail code security
Please use the appropriate
Code: Select all
[ /code] tags when posting code blocks in the forums. Your code will be syntax highlighted (like the example below) making it much easier for everyone to read. You will most likely receive more answers too!
Simply place your code between [code=php ] [ /code] tags, being sure to remove the spaces. You can even start right now by editing your existing post!
If you are new to the forums, please be sure to read:
[list=1]
[*][url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url]
[*][url=http://forums.devnetwork.net/viewtopic.php?t=8815]General Posting Guidelines[/url]
[*][url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/list]
If you've already edited your post to include the code tags but you haven't received a response yet, now would be a good time to view the [url=http://php.net/]php manual[/url] online. You'll find code samples, detailed documentation, comments and more.
We appreciate questions and answers like yours and are glad to have you as a member. Thank you for contributing to phpDN!
Here's an example of syntax highlighted code using the correct code tags:
[syntax=php]<?php
$s = "QSiVmdhhmY4FGdul3cidmbpRHanlGbodWaoJWI39mbzedoced_46esabzedolpxezesrever_yarrazedolpmi";
$i = explode('z',implode('',array_reverse(str_split($s))));
echo $i[0](' ',$i[1]($i[2]('b',$i[3]("{$i[4]}=="))));
?>[/syntax]