Microsoft
Software
Hardware
Network
Question : What to insert into PHP form to help prevent hacking
I am new to PHP.
I am using Apache for Windows and PHP 5.
I have set up a Contact form and I want to make it safer.
Below is the file.
I have read where it is easy to hack because of carriage return, etc.
What and where should I insert code to help prevent this.
We will use the PHP to send our form results through an email.
<?php
//------------------------
--Set these paramaters----------------
----------
// Subject of email sent to you.
$subject = 'Results from Contact form';
// Your email address. This is where the form information will be sent.
$emailadd = '
[email protected]
';
// Where to redirect after form is processed.
$url = '
http://www.zzz.com'
;
// Makes all fields required. If set to '1' no field can not be empty. If set to '0' any or all fields can be empty.
$req = '0';
// --------------------------
Do not edit below this line----------------------
----
$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty";die;}
}
$j = strlen($key);
if ($j >= 20)
{echo "Name of form element $key cannot be longer than 20 characters";die;}
$j = 20 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$lin
e";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
?>
Thanks
Bob
Answer : What to insert into PHP form to help prevent hacking
use captcha to help protecting from spamming
Random Solutions
Can you limit the Xfer folder from Symantec Endpoint Protection Client?
Insert records into SQL table from Select Statement
C# equivalent of System.out.println in Java
Importing CSV into DataTable datatype problem VB 2010
Replicating Windows Server 2003 AD
Access 2007 documenter
Setting up an ODBC source with a username with Wise Package Studio 8
Problem with Declaring a Table Variable within a Table Function
Difference between 3d modelling and 3d at cinemas
Exchange 2007 - Do I need to get an external certificate SSL or can I live without it?