Thread: php mailto with security measures

Greetings and good morning!,

After much work - I have finished a tutorial on adding creating a php mailto system that incorporates security measures to prevent form hijacking, field validation with specific error reporting that uses one page.
hit can be found here;
http://www.netisopen.com/computer/TF001/phpmailto.html

My goal was to break it down as simple as one can get this topic. Time will tell. If anyone has suggestions on improvements- please let me know.

I have kept the other tutorials inplace with appropriate warnings on improving form security.

Thanks to Amanda and David for you valued input, and thanks to Watdaflip for the technical help.

Cheers,

Andy

Excellent work!. I beleive that in time you can take it a little further: for example, do not limit the text area: just make sure that the script replaces the @ with f.e. "AT" . Even if the webmaster writes the info in a database, it will not be of any harm, while at the same time absolutely preventing injecting the text area. For the other fields, you can combine @ replacement and lenght control.

I personally dislike the "echo" of the error in a white page, for aesthetic reasons. I prefer single error pages, or i would like ONE error page, and creating an error array which would display all the errors together, then implementing a BACK button which would take the visitor back to the form.
Last, a session control or a referer piece of code, (to check if the info was submitted from your form or from other site) would be great for security.

Thanks Navaldesign! Watdaflip and I worked on getting the ereg_replace or str_replace to work but it would not work unless you declared the variables inthe mailbody. Trying to keep with script simplicity- I went with limiting. But I agree- replacing would be better.

I also agree with the seperate error pages- Matrixxxxxx1 modified this tutorial to have seperate error pages and I am going to add instruction on how to do this to the tutorial (replace echo with header(Location:........).

I will have another look at incorporating the referer script.

Thanks again my friend!

Andy

All-

Number one complaint was generic Error reporting page. That is fixed.
Now you can create an error page with BV and custom make it to match your site.

Happy web building!!!

Andy

Excellent work, Andy! Thank you so much - it will be an absolute boon to many, many members. You're a star.

Hey Andy!

I've just used your tutorial to help me build a simple contact form - it worked like a dream! Thank you!

Andy

Your tutorial is awsome. Very simple to follow. Thnx again for sharing.

I have a question for you.

If I wanna incoporate a Character Counter at the bottom of my comments. Is that a hard task?

For example at the top of the comment box I would mention the (max characters 300) for example

At the bottom It would be nice to have a box set at 300 characters and as the customer types it minuses off that number and lets them know how many characters are remaining.

Am i asking for too much....heh
Just an idea.


Mike

Matrixxxxxx1-
I will look into that- it is a great idea! I'll let ya know what I find out.

Thanks again Amanda!

Andy