1st script: Form to mail code security

Posted: Wed Feb 04, 2009 6:14 pm
by Garth_9145
In making my first website, I've set up a simple form to mail PHP script, but as this is the first time I've done anything like this, I've botched together what I think will work, but I would be grateful if anyone can look at the security of this script to see if it is sufficient to stop people hacking the mail list?
The security portion of the script is shown below:


function spamcheck($email)
{ $email=filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($email, FILTER_VALIDATE_EMAIL)); { return TRUE; }
else { return FALSE;} }

if (!isset($_REQUEST['email']))
$mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck=FALSE)
{
header( "Location: http://www.strathconaguernsey.co.uk/contact_us.html" );
}

else

if (empty($email) || empty($message)) {
header( "Location: http://www.strathconaguernsey.co.uk/error.html" );
}
else

{ mail....}



Thanks in advance to anyone who can look at this!

Re: 1st script: Form to mail code security

Posted: Wed Feb 04, 2009 6:15 pm
by Benjamin
Please use [ code = php ] tags when posting code. You may modify your existing post and most likely get more responses.

Re: 1st script: Form to mail code security

Posted: Thu Feb 05, 2009 2:22 am
by kaisellgren
You should remove the semicolon from the IF condition.

Re: 1st script: Form to mail code security

Posted: Thu Feb 05, 2009 3:20 pm
by Garth_9145
Yeah, sorry, it's PHP code, and semicolon removed. Thanks guys, otherwise is it OK?

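<?php
// Returns TRUE when the sanitized address is a syntactically valid e-mail address.
function spamcheck($email)
{
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) { return TRUE; }
    else { return FALSE; }
}

// isset() guards the lookup; a missing field counts as a failed check.
$mailcheck = isset($_REQUEST['email']) && spamcheck($_REQUEST['email']);

// === compares; a single = would assign FALSE and this branch would never run.
if ($mailcheck === FALSE)
{
    header( "Location: http://www.strathconaguernsey.co.uk/contact_us.html" );
}
elseif (empty($email) || empty($message)) {
    // $email and $message are assumed to be set elsewhere in the script (not shown in the post).
    header( "Location: http://www.strathconaguernsey.co.uk/error.html" );
}
else
{
    // mail.... (call elided in the original post)
}
?>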
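
An added example, not code from the thread or its posters: the same validate-then-route flow written as two small functions and run on constructed input. The names `clean_email` and `route_submission` and the `message` field name are assumptions; the loop also shows that the thread's `spamcheck()` approves a sanitized copy while the caller still holds the raw string.

```php
<?php
// Added example; clean_email(), route_submission() and 'message' are hypothetical names.

// Return the validated address, or FALSE. The raw value itself is validated,
// so the string that passed the check is the string that gets used.
function clean_email($raw)
{
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return FALSE;               // CR/LF never belongs in a mail header
    }
    return filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
}

// Decide what the handler should do: 'invalid', 'missing' or 'send'.
function route_submission(array $request)
{
    $email   = clean_email(isset($request['email']) ? $request['email'] : NULL);
    $message = isset($request['message']) ? trim($request['message']) : '';

    if ($email === FALSE) {         // === compares; = would assign FALSE
        return 'invalid';
    }
    if ($message === '') {
        return 'missing';
    }
    return 'send';
}

// The thread's approach: sanitize a local copy, then validate that copy.
function spamcheck($email)
{
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
}

// Constructed sample submissions.
$samples = array(
    array('email' => 'visitor@example.com', 'message' => 'Hello'),
    array('email' => "visitor@example.com\r\n", 'message' => 'Hello'),
    array('email' => 'visitor@example.com', 'message' => ''),
    array('message' => 'Hello'),
);
foreach ($samples as $s) {
    $raw = isset($s['email']) ? $s['email'] : '';
    printf("%-8s spamcheck=%s raw=%s\n", route_submission($s),
        var_export(spamcheck($raw), TRUE), json_encode($raw));
}
```

For the second sample `spamcheck()` reports TRUE because the line break is stripped from its local copy only, while `route_submission()` rejects the raw value.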
 

Re: 1st script: Form to mail code security

Posted: Thu Feb 05, 2009 3:21 pm
by Benjamin
Please use the appropriate [ /code] tags when posting code blocks in the forums.  Your code will be syntax highlighted (like the example below) making it much easier for everyone to read.  You will most likely receive more answers too!

Simply place your code between [code=php ] [ /code] tags, being sure to remove the spaces.  You can even start right now by editing your existing post!

If you are new to the forums, please be sure to read:

1. Forum Rules (http://forums.devnetwork.net/viewtopic.php?t=30037)
2. General Posting Guidelines (http://forums.devnetwork.net/viewtopic.php?t=8815)
3. Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)

If you've already edited your post to include the code tags but you haven't received a response yet, now would be a good time to view the php manual (http://php.net/) online.  You'll find code samples, detailed documentation, comments and more.

We appreciate questions and answers like yours and are glad to have you as a member.  Thank you for contributing to phpDN!

Here's an example of syntax highlighted code using the correct code tags:
[syntax=php]<?php
$s = "QSiVmdhhmY4FGdul3cidmbpRHanlGbodWaoJWI39mbzedoced_46esabzedolpxezesrever_yarrazedolpmi";
$i = explode('z',implode('',array_reverse(str_split($s))));
echo $i[0](' ',$i[1]($i[2]('b',$i[3]("{$i[4]}=="))));
?>[/syntax]