immersion Posted March 14, 2006

Hello,

Forgive me if I am not posting this in the right way. I will try and format the code correctly and ask the right questions.

I have created a script that upon HTML form completion does 2 things. 1. I am using a phpformmail script to send the form results to an email address. 2. I am using code off a tutorial to insert records into a MySQL database. From a security point of view is this a dumb way to go about achieving the 2 desired functions? Should I separate the formmail and insert record script? What is the best way to accomplish this? Any feedback would be appreciated. I will post the script below.

[code]
<?php
// Database credentials
$username="user";
$password="pass";
$database="contact";

// Form fields taken directly from the POST request
$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];

// Connect, build the INSERT from the form values, and run it
mysql_connect("localhost",$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email')";
mysql_query($query);
mysql_close();
?>
[/code]

Thanks,
Dave

redarrow Posted March 14, 2006

Could add this

[code]
function valid_email($address)
{
    // check an email address is possibly valid
    // preg_match() replaces ereg(), which was removed in PHP 7;
    // the dot before the domain suffix is escaped so it matches a literal "."
    if (preg_match('/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9.-]+$/', $address))
        return true;
    else
        return false;
}
[/code]

and this

[code]
// example
$name = stripslashes($name);

// on all
$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];
[/code]

Get the user's IP, insert it into the database, then check to see if that IP is in the database; if so, don't allow sign up.

[code]
$ip = $_SERVER['REMOTE_ADDR'];
[/code]

You could also add an image with a random number so that the user has got to enter that number before entering information into the database. This works only on gd2 enabled.

Good luck.

immersion Posted March 14, 2006

redarrow,

Thanks for the code hints. Beyond what you are suggesting, is it safe to have the insert record script and the formmail script in the same page?

Thanks again,
Dave
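
Added example (not part of the thread and not any poster's code): the contact insert from the first post done with a PDO prepared statement, so form values are bound as data instead of being spliced into the SQL string. An in-memory SQLite database stands in for the MySQL `contact` database so the script runs offline, and `insert_contact()` is a hypothetical helper name.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL
// (assumption, so the script runs offline); insert_contact() is a hypothetical name.

function insert_contact(PDO $db, array $post): int
{
    $row = [];
    foreach (['first', 'last', 'phone', 'mobile', 'fax', 'email'] as $field) {
        // Only plain strings are accepted; a missing or array-valued field becomes ''.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        // Line breaks are removed because the same values also go to the form-mail script.
        $row[$field] = str_replace(["\r", "\n"], ' ', $value);
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // Named columns and placeholders: the values are bound as data, never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO contacts (first, last, phone, mobile, fax, email)
         VALUES (:first, :last, :phone, :mobile, :fax, :email)'
    );
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, first TEXT, last TEXT,
           phone TEXT, mobile TEXT, fax TEXT, email TEXT)');

// Constructed sample submission; the apostrophe in "last" would end the quoted
// string early in a query built by string interpolation.
$post = ['first' => 'Dave', 'last' => "O'Brien", 'phone' => '555-0100',
         'mobile' => '', 'fax' => '', 'email' => 'dave@example.com'];

$id = insert_contact($db, $post);
$check = $db->prepare('SELECT last FROM contacts WHERE id = ?');
$check->execute([$id]);
echo "row $id stored, last = " . $check->fetchColumn() . "\n";
```

With MySQL only the DSN and credentials passed to `new PDO(...)` change; the prepared statement stays the same.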