  1. #1
    Regular Coder

    Is this contact form secure?

    I have made a simple contact form using validations and so on. I want to get your feedback on whether it is secure or if anything has to be implemented. The form code is:

    The HTML code:

    Code:
    <form action="#" method="post">
    <p>Your full name (Required):</p>
    <p><input type="text" size="35" placeholder="Your name here..." name="name"/></p>
    <p>Subject (Required):</p>
    <p><input type="text" size="35" placeholder="Your subject..." name="subject"/></p>
    <p>Your email address (Required):</p>
    <p><input type="text" size="35" placeholder="Your email address..." name="email"/></p>
    <p>Your message (Required):</p>
    <p><textarea cols="72" rows="8" name="comments" class="text"></textarea></p>
    <p>Are you human? 2 + 5 = ? (Required):</p>
    <input type="text" size="15" placeholder="Your answer..." name="capcha"/>
    <input class="submit" type="submit" value="Send" name="submit"/>
    <input class="submit" type="reset" value="Reset"/>
    </form>
    The PHP code with validation is:

    PHP Code:
    <?php
    if ( $_SERVER['REQUEST_METHOD'] == "POST" ) {
        $fname     = htmlentities($_POST['name']);
        $subj      = htmlentities($_POST['subject']);
        $emailaddr = htmlentities($_POST['email']);
        $message   = htmlentities($_POST['comments']);
        $cap       = htmlentities($_POST['capcha']);
        //Check if the form is submitted
        if (isset($_POST['submit'])) {
            if (empty($fname) || empty($emailaddr) || empty($subj) || empty($message) || empty($cap)) {
                echo '<p class="error">All fields must be filled!</p>';
                return false;
            }
            elseif (filter_var($fname, FILTER_VALIDATE_INT)) {
                echo '<p class="error">Name must not be numbers!</p>';
                return false;
            }
            elseif (!filter_var($emailaddr, FILTER_VALIDATE_EMAIL)) {
                echo '<p class="error">Invalid email!</p>';
                return false;
            }
            elseif (!($cap === '7')) {
                echo '<p class="error">You seem a robot, try again!</p>';
                return false;
            }
            else {
                $body = "From: $fname \n E-Mail: $emailaddr \n Message:\n $message";
                mail("alithebestofall2010@gmail.com", "$subj", $body, "From:" . $emailaddr);
                // The Refresh header has to be sent before any output, so it goes before the echo
                header('refresh:5; url=index.php');
                echo '<p class="thank">Thank you for using our mail form! You will be redirected to the homepage in 5 seconds!</p>';
            }
        }
    }
    ?>
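    An added example, not the poster's code, handling the same five fields with the same checks but treating `htmlentities()` as HTML output encoding only: the subject is refused if it contains a line break (it goes straight into the mail header block, and `htmlentities()` does not strip CR or LF), the visitor's address is placed in Reply-To instead of From, and the Refresh header is sent before any output. The recipient and sender mailboxes are placeholders, and the checks live in a function so no top-level `return false` is needed.

    ```php
    <?php
    // Added example (not the original poster's code). Same fields and checks as the
    // form above; the subject is rejected if it could inject a mail header line.
    const MAIL_TO   = 'you@example.com';          // placeholder recipient
    const MAIL_FROM = 'contact-form@example.com'; // placeholder sender on your own domain

    function contact_form_errors(array $post): array
    {
        $errors = [];
        foreach (['name', 'subject', 'email', 'comments', 'capcha'] as $field) {
            if (!isset($post[$field]) || trim($post[$field]) === '') {
                $errors[] = 'All fields must be filled!';
                return $errors;
            }
        }
        // The subject becomes a header line in the outgoing mail; a CR or LF inside it
        // would start a new header. htmlentities() leaves line breaks untouched.
        if (preg_match('/[\r\n]/', $post['subject'])) {
            $errors[] = 'Subject must be a single line.';
        }
        if (filter_var($post['name'], FILTER_VALIDATE_INT) !== false) {
            $errors[] = 'Name must not be numbers!';
        }
        // FILTER_VALIDATE_EMAIL rejects line breaks, so the address is safe in a header.
        if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Invalid email!';
        }
        if ($post['capcha'] !== '7') {
            $errors[] = 'You seem a robot, try again!';
        }
        return $errors;
    }

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
        $errors = contact_form_errors($_POST);
        if ($errors) {
            // Encode for HTML only at the point of output.
            foreach ($errors as $e) {
                echo '<p class="error">' . htmlentities($e, ENT_QUOTES, 'UTF-8') . '</p>';
            }
        } else {
            // Plain-text body: raw (validated) input, no HTML encoding needed here.
            $body = "From: {$_POST['name']}\nE-Mail: {$_POST['email']}\nMessage:\n{$_POST['comments']}";
            $headers = "From: " . MAIL_FROM . "\r\nReply-To: " . $_POST['email'] . "\r\n";
            mail(MAIL_TO, $_POST['subject'], $body, $headers);
            header('Refresh: 5; url=index.php'); // headers must precede any output
            echo '<p class="thank">Thank you for using our mail form!</p>';
        }
    }
    ```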

  • #2
    New Coder
    It looks good. I wouldn't use PHP to send anything like passwords or valuable data through email, but if it's just some feedback it should be fine.

  • #3
    Senior Coder Nightfire's Avatar
    No need for the return false; they're to be used in functions only.

  • #4
    Regular Coder
    But is it bad if I leave it? I have this habit of putting return false each time I work with a form, LOL!

  • #5
    New Coder
    It isn't going to harm anything, but they're not needed. There is nothing to return to.
