Tintin81 Posted January 22, 2008

Hey, I'm new to this forum, and I wonder if you can help me with this: I am currently working on a PHP contact form using the PEAR::Validate package. The form I am developing is for a large client, so I want to make sure the input validation really works and has no security gaps. Maybe some of you can take a look at the code I came up with (I tried really hard to keep it simple):

<?php
require_once('Validate.php');
// Include file to strip quotes if needed
// require_once('MagicQuotes/strip_quotes.php');

$fields = array('name', 'email', 'message');
$errors = array('name' => '', 'email' => '', 'message' => ''); // Initialize errors array
$input  = array();
$ok     = false;

// Read each field once, defaulting to '' so a missing field never triggers a notice
foreach ($fields as $field) {
    $input[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
}

if (isset($_POST['submit'])) { // If the form is submitted...
    $ok = true;
    $name_options    = array('format' => VALIDATE_ALPHA . VALIDATE_SPACE, 'min_length' => 3);
    $message_options = array('min_length' => 3);
    if (!Validate::string($input['name'], $name_options)) {
        $errors['name'] = ' class="error"';
        $ok = false;
    }
    if (!Validate::email($input['email'])) {
        $errors['email'] = ' class="error"';
        $ok = false;
    }
    if (!Validate::string($input['message'], $message_options)) {
        $errors['message'] = ' class="error"';
        $ok = false;
    }
}

// Escape user input before echoing it back into the page (prevents HTML/script injection)
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Form</title>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<?php
// The page header above is sent in both branches, so the thank-you page is well-formed too
if ($ok) {
    // Only the message body goes into the mail; recipient and subject are fixed
    mail('myemail@gmail.com', 'Test', $input['message']);
    echo "<b>Thanks for your message!</b>";
} else {
?>
<form method="post">
<div>
<label<?php echo $errors['name']; ?>>Name:</label>
<span><input type="text" name="name" value="<?php echo h($input['name']); ?>"></span>
</div>
<div>
<label<?php echo $errors['email']; ?>>Email:</label>
<span><input type="text" name="email" value="<?php echo h($input['email']); ?>"></span>
</div>
<div>
<label<?php echo $errors['message']; ?>>Message:</label>
<span><input type="text" name="message" value="<?php echo h($input['message']); ?>"></span>
</div>
<div>
<span><input type="submit" name="submit" value="send"></span>
</div>
</form>
<?php } ?>
</body>
</html>

I also uploaded this file here. Feel free to try it out and see if it works (I think it does!). The code seems to work OK, but is it really safe? How could it be further improved? Thanks for any feedback...

Link to comment: https://forums.phpfreaks.com/topic/87229-php-form-mailer-help-needed/
Lumio Posted January 22, 2008

Use trim() to ignore whitespace at the beginning and end of every input box.
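Lumio's trim() point, as an added example (not code from Tintin81's form or Lumio's post): every field is trimmed before validation, and the constructed sample shows why, since a two-letter name padded with spaces satisfies a letters-and-spaces format with min_length 3 until it is trimmed. It uses preg_match and filter_var in place of PEAR::Validate so it runs stand-alone; the function names are assumptions of this example.

```php
<?php
// Added example, not Tintin81's form or Lumio's code: trim before validating,
// escape before echoing. preg_match/filter_var stand in for PEAR::Validate.

// Trim every expected field so leading/trailing spaces cannot satisfy a length rule.
function cleanInput(array $post, array $fields)
{
    $clean = array();
    foreach ($fields as $field) {
        $clean[$field] = isset($post[$field]) ? trim((string) $post[$field]) : '';
    }
    return $clean;
}

// Return the names of the fields that fail the same rules the form uses.
function validateContact(array $in)
{
    $errors = array();
    // Letters and spaces, at least 3 characters (VALIDATE_ALPHA . VALIDATE_SPACE, min_length 3)
    if (!preg_match('/^[A-Za-z ]{3,}$/', $in['name'])) {
        $errors[] = 'name';
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if (strlen($in['message']) < 3) {
        $errors[] = 'message';
    }
    return $errors;
}

// Escape a value before it goes back into an HTML attribute or element.
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission: a padded two-letter name and a message carrying markup.
$fields = array('name', 'email', 'message');
$sample = array('name' => '  Al ', 'email' => 'al@example.com', 'message' => '<b>hi</b>');

// Untrimmed, the padding counts towards the 3-character minimum and the name is accepted.
$untrimmed = array_map('strval', $sample);
echo "Without trim, failing fields: " . implode(',', validateContact($untrimmed)) . "\n";
// Trimmed, the name is two characters and is rejected.
echo "With trim, failing fields: " . implode(',', validateContact(cleanInput($sample, $fields))) . "\n";
// The markup in the message is rendered as text, not as a tag.
echo "Echoed safely: " . h($sample['message']) . "\n";
```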
phpSensei Posted January 22, 2008

PHP HELP SECTION!
Lumio Posted January 23, 2008

> PHP HELP SECTION!

I think it's in the right section, because the code is already done.
phpSensei Posted January 24, 2008

> PHP HELP SECTION!
> I think it's in the right section, because the code is already done.

It's not a snippet of code or anything, it's not for public use, and it's also not hosted on any site. He is posting PHP code and he directly asked for help. He didn't say "please TEST this for me and return any bugs you find". Therefore this should be in the PHP HELP SECTION!!!