> -----Original Message-----
> From: Tiji varghese [mailto:tiji_1@xxxxxxxxxxx]
> Sent: Tuesday, July 14, 2009 7:47 AM
> To: PHP General
> Subject: Email security
>
> Hello,
>
> I've implemented a contact form on my website that would email me the
> contents of the form and also add it to the database. It's working
> perfectly but I'm not too sure about the security part. I don't know
> much about the security issues concerned with email forms and the
> measures to check it. Please help.
>
> Thanks,
> Tiji
[Dewey Williams]
There are a number of easy-to-use sanitizing scripts available for
processing forms for email and database use - find and use one! Forms
are notoriously easy to compromise for sending spam and corrupting web
sites.
A program I have used in the past is FormMail by
http://www.tectite.com. There are many other FormMail programs
available by the same name - this one is well documented and easy to set
up. It doesn't provide as much database security as you may want, but
it does a good job of hiding email and preventing cross-site scripting
attacks.
Dewey Williams
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
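
An added example, not part of the original thread and not FormMail's code: a minimal PHP handler for the kind of contact form described above, which validates the fields before they reach mail() and stores them with a prepared statement. The field names (name, email, message), the table contact_messages and the example.com addresses are assumptions.

```php
<?php
// Added example: field names, table name and addresses are hypothetical.

const CONTACT_TO   = 'owner@example.com';   // fixed recipient, never taken from the form
const CONTACT_FROM = 'webform@example.com'; // fixed From address

function clean_contact_fields(array $in): array
{
    $name    = trim((string)($in['name'] ?? ''));
    $email   = trim((string)($in['email'] ?? ''));
    $message = trim((string)($in['message'] ?? ''));

    // Reject CR/LF/NUL in single-line fields: inside a mail header they
    // would let the sender append headers such as Bcc: and relay spam.
    foreach ([$name, $email] as $singleLine) {
        if (preg_match('/[\r\n\0]/', $singleLine)) {
            throw new InvalidArgumentException('Line break in single-line field');
        }
    }
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('Bad name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Bad email address');
    }
    if ($message === '' || strlen($message) > 5000) {
        throw new InvalidArgumentException('Bad message length');
    }
    return ['name' => $name, 'email' => $email, 'message' => $message];
}

function handle_contact(PDO $db, array $post): bool
{
    $f = clean_contact_fields($post);

    // Prepared statement: form values are bound as data, never concatenated into SQL.
    $stmt = $db->prepare(
        'INSERT INTO contact_messages (name, email, message) VALUES (?, ?, ?)'
    );
    $stmt->execute([$f['name'], $f['email'], $f['message']]);

    // The visitor's address appears only in Reply-To, and only after validation.
    $headers = 'From: ' . CONTACT_FROM . "\r\n"
             . 'Reply-To: ' . $f['email'] . "\r\n"
             . 'Content-Type: text/plain; charset=UTF-8';
    $body = "Name: {$f['name']}\nEmail: {$f['email']}\n\n{$f['message']}";
    return mail(CONTACT_TO, 'Website contact form', $body, $headers);
}
```

When stored messages are later shown on a web page, pass each value through htmlspecialchars() at output time so that markup submitted through the form is displayed as text.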