Microsoft
Software
Hardware
Network
Question : What to insert into PHP form to help prevent hacking
I am new to PHP.
I am using Apache for Windows and PHP 5.
I have set up a Contact form and I want to make it safer.
Below is the file.
I have read where it is easy to hack because of carriage return, etc.
What and where should I insert code to help prevent this.
We will use the PHP to send our form results through an email.
<?php
//------------------------
--Set these paramaters----------------
----------
// Subject of email sent to you.
$subject = 'Results from Contact form';
// Your email address. This is where the form information will be sent.
$emailadd = '
[email protected]
';
// Where to redirect after form is processed.
$url = '
http://www.zzz.com'
;
// Makes all fields required. If set to '1' no field can not be empty. If set to '0' any or all fields can be empty.
$req = '0';
// --------------------------
Do not edit below this line----------------------
----
$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 20)
{echo "Name of form element $key cannot be longer than 20 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$lin
e";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
?>
Thanks
Bob
Answer : What to insert into PHP form to help prevent hacking
use captcha to help protecting from spamming
Random Solutions
Access Like "*" in IIf Statement of Criteria Returns No Records
About Formatting and Parsing text strings
datareader vs. dataset
select records
Make connection from instance to interface
Oracle Query Tuning
Timeout expired.
weird effects using ROUND() on REALs in TSQL
SQL Server 2005 Query Analyzer
Cannot get cgi-bin working