Jump to content

Newbie Script Security

immersion

By immersion
in PHP Coding Help

 Share

Recommended Posts

immersion Newbie

immersion

Posted
Posted
Hello,
Forgive me if I am not posting this in the right way. I will try and format the code correctly and ask the right questions.

I have created a script that upon html form completion does 2 things. 1, I am using a phpformmail script to send the form results to an email address. 2. I am using code off a tutorial to insert records into a MYSQL database. From a securtity point of view is this a dumb way to go about achieving the 2 desired functions? Should I seperated the formmail and insert record script? What is the best way to accomplish this? Any feedback would be apprecitaed.

I will post the script below.
[code]<?php
$username="user";
$password="pass";
$database="contact";

$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];

mysql_connect("localhost",$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email')";
mysql_query($query);

mysql_close();
?>[/code]

Thanks,
Dave
Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted
could add this
[code]
function valid_email($address)
{
  // check an email address is possibly valid
  if (ereg('^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$', $address))
    return true;
  else
    return false;
}
[/code]



and this
[code]
example
$name = stripslashes($name);

on all

$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];

[/code]



Get the users ip insert into database then check to see if that ip is in the database if so dont allow sign up.
[code]

$ip = $_SERVER['REMOTE_ADDR'];

[/code]


you could also add an image with a random number so that the user has got to enter that number before enter information to database. this works only on gd2 enabled.



good luck.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.