Online Contact Form Validation
Posted: Mon Mar 09, 2009 2:54 am
by Ice2257
Code:
<?php
//$mail_body = $_POST['submitterName'];
$mail_body = $_POST['submitterEmail'];
$mail_body .= "\n";
$mail_body .= "\n";
$mail_body .= $_POST['submitterPhone'];
$mail_body .= "\n";
$mail_body .= "\n";
$mail_body .= $_POST['submitterComments'];
$from = 'From: ' . $_POST['submitterEmail'];
$recipient = 'Orders@tacobills.com';
$subject = 'You have an order from ' . $_POST['submitterName'];
mail($recipient, $subject,$mail_body,$from);
header("location: thankyou.html");
?>
Can someone please help me write validation fields? I am currently getting spammed.
Re: Online Contact Form Validation
Posted: Mon Mar 09, 2009 7:09 am
by kaisellgren
Are you getting spam? How about using a CAPTCHA?
You are insecurely passing all client-submitted data into the mail() function. That script is very easily exploitable.
Re: Online Contact Form Validation
Posted: Mon Mar 09, 2009 7:13 am
by Chris Corbyn
http://recaptcha.net/
The above Captcha will deal with the spam problem. It's easy to use. They have instructions for PHP on their site.
But yes, you need to sanitize your user inputs as ~kaisellgren says. You're open to more than spam currently (search for header injection attacks).
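Added example, not part of any post in this thread: one way to apply the input checks the replies above call for to the original handler, so that nothing containing a line break reaches a mail header. The field names, recipient and redirect come from the first post; the function names, length limits and the `webform@example.com` sender are assumptions, and it assumes PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7 or later.
// Field names, recipient and redirect target come from the original post;
// function names, length limits and the From address are assumptions.

// A value placed in a mail header must not contain CR or LF, otherwise
// the submitter could start a header line of their own.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Read one field as a trimmed string; missing or non-string input becomes ''.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Returns the cleaned fields, or null if any field fails validation.
function validate_contact(array $post): ?array
{
    $name     = field($post, 'submitterName');
    $email    = field($post, 'submitterEmail');
    $phone    = field($post, 'submitterPhone');
    $comments = field($post, 'submitterComments');
    $ok = $name !== '' && strlen($name) <= 100 && is_header_safe($name)
        && is_header_safe($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false
        && preg_match('/\A[0-9+() .-]{0,30}\z/', $phone) === 1
        && $comments !== '' && strlen($comments) <= 5000;
    return $ok ? compact('name', 'email', 'phone', 'comments') : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $f = validate_contact($_POST);
    if ($f === null) {
        http_response_code(400);
        exit('Invalid form data.');
    }
    // Fixed sender; the visitor's validated address only goes into Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: " . $f['email'];
    $body    = $f['email'] . "\n\n" . $f['phone'] . "\n\n" . $f['comments'];
    mail('Orders@tacobills.com', 'You have an order from ' . $f['name'], $body, $headers);
    header('Location: thankyou.html');
    exit;
}
```

This addresses the header handling only; it does not replace the CAPTCHA suggested above for the spam itself.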
Re: Online Contact Form Validation
Posted: Mon Mar 09, 2009 7:35 am
by kaisellgren
Sorry to poke you, but you cannot know that it will deal with the spam. I have found several weaknesses in reCAPTCHA, mostly in the audio version, but I am not the only one - actually I know someone who has broken the audio version.

ReCAPTCHA is not a bulletproof solution, but a very good one.
CAPTCHAs are pretty much all broken nowadays. All CAPTCHAs created by Microsoft are broken. Same applies to Yahoo. Also, Gmail CAPTCHA is broken, I broke it myself too - the audio version, just listen to it and you'll notice several weaknesses even without analyzing the actual waveform data.
I am very skeptical about the future. It is becoming increasingly hard to make CAPTCHAs, which prevent bots, but not humans. The OP most likely can prevent spamming with reCAPTCHA, but that is not 100% certain.
EDIT: I see that you have just released Swift 4, what's new?

Re: Online Contact Form Validation
Posted: Mon Mar 09, 2009 12:31 pm
by Ice2257
Can someone just edit my code and hand it back to me?
Please
Re: Online Contact Form Validation
Posted: Mon Mar 09, 2009 12:52 pm
by jayshields
Ice2257 wrote: Can someone just edit my code and hand it back to me?
No, that isn't going to happen. Try it yourself and post back with any further problems.