
PHP Email Form Processing Question

Locals Find!

New Member
Would those of you who understand PHP please take a look at my code and tell me whether this is secure to keep someone from using it to send out spam?

Thank You! I am still trying to learn this.

Here is my Form code:
Code:
<form action="formprocess2.php" method="post">

<label for="name"><span class="req">*</span> Name:</label> <input type="text" name="name" id="name" />

<label for="email"><span class="req">*</span> Email:</label> <input type="text" name="email" id="email" />

<label for="phone"><span class="req">*</span> Phone:</label> <input type="text" name="phone" id="phone" />

<label for="textarea-a">Textarea:</label> <textarea name="textarea" id="textarea-a">I would like to schedule a showing of the property at "3362 Dandolo Cir, Cape Coral, FL 33909" </textarea>

<input type="submit" name="mysubmit" value="Submit" /> </form>
Here is my PHP processing script:

PHP:
<?php
$name = $_POST["name"];
$email = $_POST["email"];
$phone = $_POST["phone"];
$textarea = $_POST["textarea"];

if(isset($textarea))  {
    mail('jason@adtechia.com', 'Showing Request', "Name: $name: Phone: $phone Email: $email Request: $textarea");

    header("Location: ../3362/index.html");

} else {
    echo ("There has been a problem.");
}
?>
 

Techman

New Member
A secure script will use a check back code or a refer log to prevent any bot from scraping up the email address. You have an email address in it.
So, I would think this code is useless.
It must not allow a blank page.
It must not have the email address anywhere in the form code.
 

Techman

New Member
no,
I do not code any more and have long lost the ability to speak with any authority.
But the rules are still the same. NO email address in capture page code..
 

TwoNine

New Member
Hey Addie -

There are a ton of different bots out there. Each better in some way than the next, so you'll never get em all. But one extra thing you can do to try and eliminate the easiest ones out there is to set your UN and domain in your variables, then call them when needed and just use a concatenation to bring em' in for processing.

So, something like..

$emun = "jason";
$emdom = "adtechia.com";

then in the code just pair em up....
mail($emun . '@' . $emdom .....................

It's just a quick and dirty - gets the easy ones - nothing too overly complex there....For added security, store them in a different file, then just 'include' them. Also you could consider storing your mail function elsewhere under a different function and different files too...Many routes. None correct. :)

-Chad
 

Locals Find!

New Member
Thanks TwoNine I will have to give it a shot.

For the time being I just removed the email request field of the form. I haven't had any trouble yet, (knock on wood) I just wanna be cautious.
 

GVP

New Member
You may be getting confused between an email address embedded in your form (such as a "mailto:" link, which can be easily read by a bot or any human who looks at your web page's source), and an address in your php handler, which generally can't be accessed. Of course, nothing is 100% secure, but if you put your email address (i.e. who the form is being sent to) in your php script, you should be fine.

There's no reason to remove the visitor's email field from your actual form.
 

jkdbjj

New Member
I am hand coding in HTML 5 using jQuery. I don't like WordPress; it's a pain, it's vulnerable and it's for blogs, not really for websites. I know you can do a lot with it, but as far as what I am doing, its security flaws way outweigh its benefits.
Addie, I think what he is saying, is why not use a solid code already developed. There are dozens available. I am sure you already looked into that, did you not find something that fit your needs you could just tweak a little?
Also check out sites that already have a form similar to what you want, peek at their code and you can do it to yours.
 

Locals Find!

New Member
You may be getting confused between an email address embedded in your form (such as a "mailto:" link, which can be easily read by a bot or any human who looks at your web page's source), and an address in your php handler, which generally can't be accessed. Of course, nothing is 100% secure, but if you put your email address (i.e. who the form is being sent to) in your php script, you should be fine.

There's no reason to remove the visitor's email field from your actual form.

I was reading somewhere that that portion could be compromised. Is that not the case? I would really like to capture the email address of the prospective clients as it's a lot easier to pass on certain info via email.
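
As an added example (not code from any poster in this thread): one way to keep the visitor's email field, as GVP suggests, while making sure the submitted value cannot alter the outgoing message. A visitor-supplied address becomes a concern when it is copied into a mail header, where an embedded line break would start a new header line, so the sketch validates the address, strips control characters from the single-line fields, and keeps everything else in the body. The helper names and the placeholder recipient are assumptions, and the array form of mail()'s headers argument needs PHP 7.2 or later.

```php
<?php
// Added example, not any poster's script. RECIPIENT is a placeholder address.
const RECIPIENT = 'owner@example.com';

// Read one POST field as a trimmed string; array-valued input (name[]=x) becomes ''.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Replace CR/LF and other control characters so a value stays on one line.
function single_line(string $value, int $max = 200): string
{
    return substr(trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value)), 0, $max);
}

// Returns [body, replyTo] for an acceptable submission, or null to reject it.
function build_request(array $post): ?array
{
    $name  = single_line(field($post, 'name'));
    $phone = single_line(field($post, 'phone'), 40);
    $email = field($post, 'email');
    $text  = substr(field($post, 'textarea'), 0, 2000);

    // The address is the only value that reaches a header, so it gets the
    // strictest check: no line breaks, and it must parse as a single address.
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if ($name === '' || $text === '') {
        return null;
    }
    $body = "Name: $name\r\nPhone: $phone\r\nEmail: $email\r\n\r\nRequest:\r\n$text";
    return [$body, $email];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $request = build_request($_POST);
    if ($request === null) {
        http_response_code(400);
        echo 'There has been a problem.';
        exit;
    }
    [$body, $replyTo] = $request;
    mail(RECIPIENT, 'Showing Request', $body, ['Reply-To' => $replyTo]);
    header('Location: ../3362/index.html'); // same redirect target as the original script
    exit; // stop here so nothing else runs after the redirect
}
```

The recipient and subject stay fixed in the handler, so a submission can only ever reach the site owner's inbox; limiting how often the form can be submitted is a separate control this sketch does not cover.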
 

Locals Find!

New Member
Addie, I think what he is saying, is why not use a solid code already developed. There are dozens available. I am sure you already looked into that, did you not find something that fit your needs you could just tweak a little?
Also check out sites that already have a form similar to what you want, peek at their code and you can do it to yours.

I am coding for mobile so a lot of the code from other sites' methods doesn't mesh well with what I am doing. It's rather complicated and time consuming as it's all fairly new still and the methodology/technology of doing this is kinda being made up as I and others go.
 

TwoNine

New Member
Hey Addie -

I'm not sure if you are aware of stackoverflow.com - you can find some really good info on there. Plus you'll be in with 100k other people who do this kind of stuff for a living.

Just a thought....
 

Locals Find!

New Member
Hey Addie -

I'm not sure if you are aware of stackoverflow.com - you can find some really good info on there. Plus you'll be in with 100k other people who do this kind of stuff for a living.

Just a thought....

Thank you, going to check that out. Would be nice to have some more minds to connect with concerning this stuff. What started as a hobby has now turned into an obsession for me.
 

TwoNine

New Member
Yeah - PHP is stupid. So is ASP, C, PERL, RUBY, VB, JAVA, JQUERY, all that.....

Well - it's actually opposite stupid, but it makes me feel better to just carry on believing that IT is stupid...Not me..... :eek:
 

Locals Find!

New Member
Yeah - PHP is stupid. So is ASP, C, PERL, RUBY, VB, JAVA, JQUERY, all that.....

Well - it's actually opposite stupid, but it makes me feel better to just carry on believing that IT is stupid...Not me..... :eek:

I understand that. I really wish I hadn't shunned the nerds back in high school; they really are the ones who took over.
 