DRaleigh

  1. Thanks again for all replies... I've added this regex to my code. It seems to actually work!! Yesssss! Along with reCAPTCHA, am I fairly good to go with this form?

         <?php
         // Read the submitted fields
         $name = stripslashes($_POST['name']);
         $email = $_POST['email'];
         $location = stripslashes($_POST['location']);
         $website = $_POST['website'];
         $comments = stripslashes($_POST['comments']);
         $ip = $_SERVER['REMOTE_ADDR'];

         // Build the HTML mail
         $to = "david.adams5280@yahoo.com";
         $subject = "Comments from DavidRaleigh.net";
         $message = "<b>Name:</b> $name<br>
         <b>Email address:</b> $email<br>
         <b>Location:</b> $location<br>
         <b>Website:</b> $website<br>
         <b>IP address:</b>$ip<br><br>
         <b>Comments:</b> $comments
         ";
         $from = $_POST['name'];
         $headers = "MIME-Version: 1.0" . "\r\n";
         $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
         $headers .= "From: $from" . "\r\n";

         // Required field: email
         if (!empty($_POST['email'])) {
             $email = ($_POST['email']);
         } else {
             $email = NULL;
             echo 'You forgot your email address.';
         }

         // Stop here if the address does not match the pattern
         if (!preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/', $email)) {
             echo 'Email address is invalid.';
             exit();
         }

         // Required field: comments
         if (!empty($_POST['comments'])) {
             $comments = stripslashes($_POST['comments']);
         } else {
             $comments = NULL;
             echo 'You forgot to add your message.';
         }

         // Send only when both required fields are present
         if ($email && $comments) {
             echo "Thank you for your comments $name.";
             mail($to, $subject, $message, $headers);
         }
         ?>

     Thanks once again, folks!
  2. Thanks so much for all your suggestions! They are all greatly appreciated. I've successfully (surprise to me) installed reCAPTCHA at my site. It seems to work pretty well, but I have fooled it a couple times already. But, at least you have to enter something into the CAPTCHA field...something reasonably close...so I guess that's ok for now. My site is not actually live yet. When it does go live, I don't expect a lot of traffic since my site is primarily for informational purposes only. I am going to continue trying to tighten my script up (have made corrections noted earlier) & further securing it, but is it possible reCAPTCHA will suffice until I come up with additional security? Also, I've read somewhere about validating forms using hidden fields & CSS. Does anyone know where I might find out more about this? And, if validation is done through a hidden field, how should I test it to make sure it's functioning properly? Thanks much once again! David Raleigh
  3. Greetings all, I am fairly new to PHP & this is my first post to the group. My apologies if this issue has been addressed previously. I've looked around a bit but haven't found quite what I'm looking for. I am working on a simple contact form. I would like to secure the form by validation, particularly the email & website fields, & help protect myself & others against spam & bots. I have seen preg functions used to validate & secure email & url fields but am not quite sure how to apply this to my code. I've tried on several different occasions to work in the preg function on my own but my efforts have only resulted in errors. You will find the php code & html form code below. Does anyone here have any suggestions or ideas as to how I might tighten up this form securely? Thank you in advance for any help... David Raleigh

     form_handle.php

         <?php # Handle Contact Form
         // Read the submitted fields
         $name = stripslashes($_REQUEST['name']);
         $email = $_REQUEST['email'];
         $location = stripslashes($_REQUEST['location']);
         $url = $_REQUEST['url'];
         $comments = stripslashes($_REQUEST['comments']);
         $ip = $_SERVER['REMOTE_ADDR'];

         // Build the HTML mail
         $to = "david.adams5280@yahoo.com";
         $subject = "Comments from DavidRaleigh.net";
         $message = "<b>Name:</b> $name<br>
         <b>Email address:</b> $email<br>
         <b>Location:</b> $location<br>
         <b>Website:</b> $url<br><br>
         <b>Comments:</b> $comments
         ";
         $from = $_REQUEST['email'];
         $headers = "MIME-Version: 1.0" . "\r\n";
         $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
         $headers .= "From: $from" . "\r\n";

         // Required field: email
         if (!empty($_REQUEST['email'])) {
             $email = ($_REQUEST['email']);
         } else {
             $email = NULL;
             echo 'You forgot your email address.';
         }

         // Required field: comments
         if (!empty($_REQUEST['comments'])) {
             $comments = stripslashes($_REQUEST['comments']);
         } else {
             $comments = NULL;
             echo 'You forgot to add your message.';
         }

         // Confirm and send only when both required fields are present
         if ($email && $comments) {
             echo "Thank you for your comments $name.";
         }
         if ($email && $comments) {
             mail($to, $subject, $message, $headers);
         }
         ?>

     html_form

         <form name="form1" id="form1" method="post" action="frm_hndl.php">
           <table width="100%" border="0" align="center" cellpadding="7" cellspacing="0">
             <tr>
               <td width="25%" align="right" valign="top" class="content-bld">Name:</td>
               <td width="75%" align="left" valign="top"><input name="name" type="text" id="name" size="30" /></td>
             </tr>
             <tr>
               <td width="25%" align="right" valign="top" class="content-bld">Email address:</td>
               <td width="75%" align="left" valign="top"><input name="email" type="text" id="email" size="30" /></td>
             </tr>
             <tr>
               <td width="25%" align="right" valign="top" class="content-bld">Location:</td>
               <td width="75%" align="left" valign="top"><input name="location" type="text" id="location" size="30" /></td>
             </tr>
             <tr>
               <td width="25%" align="right" valign="top" class="content-bld">Website:</td>
               <td width="75%" align="left" valign="top"><input name="url" type="text" id="url" size="30" /></td>
             </tr>
             <tr>
               <td width="25%" align="right" valign="top" class="content-bld">Comments:</td>
               <td width="75%" align="left" valign="top"><textarea name="comments" cols="50" rows="6" id="comments"></textarea></td>
             </tr>
           </table>
           <table width="100%" border="0" cellspacing="0" cellpadding="7">
             <tr>
               <td width="50%" align="right" valign="middle"><input type="submit" name="Submit" value="Send message" /></td>
               <td width="50%" align="left" valign="middle"><input type="reset" name="Submit2" value="Clear form" /></td>
             </tr>
           </table>
         </form>
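An added example, not part of DRaleigh's posts or of any reply: one way to do the server-side checks the posts above ask about (email and website validation, a CSS-hidden field, and a way to test it). The field name `hp_field`, the function names and the sender `noreply@example.com` are assumptions, and the form would need a matching input hidden with CSS.

```php
<?php
// Added example, not the poster's code. 'hp_field' is a hypothetical input
// hidden with CSS; noreply@example.com is a placeholder sender address.
function check_contact_form(array $in): array
{
    $get = fn(string $k): string => trim((string)($in[$k] ?? ''));
    // Honeypot: visitors never see this field, so any value means a bot.
    if ($get('hp_field') !== '') {
        return ['errors' => ['Rejected.'], 'clean' => []];
    }
    $errors = [];
    // Header-bound value: must be a valid address and a single line.
    $email = $get('email');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        $errors[] = 'Email address is invalid.';
    }
    // Website is optional; when present it must be a well-formed http(s) URL.
    $url = $get('url');
    $scheme = strtolower((string)parse_url($url, PHP_URL_SCHEME));
    if ($url !== '' && (filter_var($url, FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true))) {
        $errors[] = 'Website address is invalid.';
    }
    if ($get('comments') === '') {
        $errors[] = 'You forgot to add your message.';
    }
    // Escape every value before it is placed in the HTML mail body.
    $clean = [];
    foreach (['name', 'email', 'location', 'url', 'comments'] as $k) {
        $clean[$k] = htmlspecialchars($get($k), ENT_QUOTES, 'UTF-8');
    }
    return ['errors' => $errors, 'clean' => $clean];
}
function build_headers(string $validEmail): string
{
    // Fixed From; pass only an address that check_contact_form() accepted.
    return "MIME-Version: 1.0\r\nContent-type: text/html; charset=UTF-8\r\n"
         . "From: noreply@example.com\r\nReply-To: $validEmail\r\n";
}
// Constructed submissions for testing the checks (not real traffic).
$samples = [
    'valid'    => ['email' => 'ann@example.com', 'url' => 'https://example.com/', 'comments' => 'Hi'],
    'honeypot' => ['email' => 'ann@example.com', 'comments' => 'Hi', 'hp_field' => 'x'],
    'bad url'  => ['email' => 'ann@example.com', 'url' => 'ftp://example.com/f', 'comments' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $r = check_contact_form($post);
    echo $label, ': ', $r['errors'] ? implode(' ', $r['errors']) : 'ok', "\n";
}
```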