webref.eu Posted September 14, 2011 Share Posted September 14, 2011 Hi Guys I am adding a short contact form to a site. All the fields are text fields. What do you think is the minimum validation I need to add to make the form safe against hacking etc. Thanks Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted September 14, 2011 Share Posted September 14, 2011 I think you are looking at that the wrong way round, rather than "whats the least I can get away with" you should be asking, "is there anything else that I can do" - personal oppinion. you should at least have -accurate character validation -mysql_real_eascape_sring() on every input -proper sanitisation Quote Link to comment Share on other sites More sharing options...
webessex Posted September 14, 2011 Share Posted September 14, 2011 I think you are looking at that the wrong way round, rather than "whats the least I can get away with" you should be asking, "is there anything else that I can do" - personal oppinion. you should at least have -accurate character validation -mysql_real_eascape_sring() on every input -proper sanitisation Thanks for your help. I work in XHTML and CSS and have very little experience in PHP. Is this something I can do easily myself with little knowledge, or it something you could help with? Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 14, 2011 Share Posted September 14, 2011 Hi Guys I am adding a short contact form to a site. All the fields are text fields. What do you think is the minimum validation I need to add to make the form safe against hacking etc. Thanks you might want to have a look at the tutorial section of this forum. The is a short guide there. Quote Link to comment Share on other sites More sharing options...
webref.eu Posted September 14, 2011 Author Share Posted September 14, 2011 Thanks, was it this one you were referring to? http://www.phpfreaks.com/tutorial/php-security Presumably, as I am only using a contact form, that just sends an e-mail, there aren't so many security concerns as when adding data to a database? With an e-mailing script, is there anything in particular I need to cover? Thanks Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted September 14, 2011 Share Posted September 14, 2011 Thanks, was it this one you were referring to? http://www.phpfreaks.com/tutorial/php-security Presumably, as I am only using a contact form, that just sends an e-mail, there aren't so many security concerns as when adding data to a database? With an e-mailing script, is there anything in particular I need to cover? Thanks yes that is the one. As for emailscripts: 'email' header injection is certainly something to you want to have read about before you put it on a live server. Otherwise you are hosting a spam company. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.