
Newbie Script Security


immersion


Hello,
Forgive me if I am not posting this in the right way. I will try to format the code correctly and ask the right questions.

I have created a script that, upon HTML form completion, does two things. 1) I am using a phpformmail script to send the form results to an email address. 2) I am using code from a tutorial to insert records into a MySQL database. From a security point of view, is this a dumb way to go about achieving the two desired functions? Should I separate the formmail and insert-record scripts? What is the best way to accomplish this? Any feedback would be appreciated.

I will post the script below.
[code]
<?php
$username="user";
$password="pass";
$database="contact";

// form values are taken from the POST request as-is
$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];

mysql_connect("localhost",$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

// the form values are placed directly into the SQL string
$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email')";
mysql_query($query);

mysql_close();
?>
[/code]

Thanks,
Dave

You could add this:
[code]
function valid_email($address)
{
  // check an email address is possibly valid
  // preg_match() replaces ereg(), which was removed in PHP 7; the dot before
  // the domain suffix is escaped so it matches a literal '.'
  if (preg_match('/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$/', $address))
    return true;
  else
    return false;
}
[/code]



and this, for example:
[code]
$name = stripslashes($name);
[/code]

on all of these:
[code]
$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];
[/code]



Get the user's IP, insert it into the database, then check whether that IP is already in the database; if so, don't allow sign-up.
[code]
$ip = $_SERVER['REMOTE_ADDR'];
[/code]


You could also add an image with a random number so that the user has to enter that number before entering information into the database. This works only with GD2 enabled.



Good luck.
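As an added example that is not part of either post above, here is the database half of the original script rewritten so that form values are validated first and then passed to MySQL as bound parameters instead of being spliced into the query string; the column names, the DSN and the credentials are assumptions that mirror the original post.

```php
<?php
// Added example (not from the thread): the same form handler rewritten with
// PDO prepared statements and server-side validation. Column names, the DSN
// and the credentials are assumptions that mirror the original post.
declare(strict_types=1);

function validate_contact(array $post): array
{
    $clean = [];
    foreach (['first', 'last', 'phone', 'mobile', 'fax', 'email'] as $f) {
        // accept plain strings only, trim them and cap the length
        $v = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
        if (strlen($v) > 100) {
            throw new InvalidArgumentException("$f is too long");
        }
        $clean[$f] = $v;
    }
    if ($clean['first'] === '' || $clean['last'] === '') {
        throw new InvalidArgumentException('first and last name are required');
    }
    // filter_var() replaces the hand-written ereg() pattern from the reply
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    foreach (['phone', 'mobile', 'fax'] as $f) {
        if ($clean[$f] !== '' && !preg_match('/^\+?[0-9 ()-]{6,20}$/', $clean[$f])) {
            throw new InvalidArgumentException("$f contains unexpected characters");
        }
    }
    return $clean;
}

function insert_contact(PDO $db, array $c): void
{
    // bound parameters keep form values out of the SQL text, so a quote in
    // $first can no longer change the statement as it could in "'$first'"
    $stmt = $db->prepare('INSERT INTO contacts (first, last, phone, mobile, fax, email)
                          VALUES (:first, :last, :phone, :mobile, :fax, :email)');
    $stmt->execute($c);
}

$db = new PDO('mysql:host=localhost;dbname=contact;charset=utf8mb4', 'user', 'pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
try {
    insert_contact($db, validate_contact($_POST));
    echo 'Thanks, your details were saved.';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Form error: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

The validated array returned by validate_contact() can be handed to the mail-sending step as well, so both the email and the insert work from the same checked values whether they stay in one script or are split in two.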
