Hi all,
I have decided to remove my email address (an image) from my business website and use an HTML form with reCAPTCHA to keep out the bots, so I have been learning some PHP.
The more I learn the less certain I am about the way forward.
I have two scenarios at the moment:
1. I use something simple like:
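<?php
$email_to_me = "my email address";
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];
// mail(to, subject, message, additional headers)
mail($email_to_me, $name, $comment, "From: $email");
// Send the visitor back to the form page and stop the script
header("Location: contact.html");
exit;
?>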
which will email me the message, redirect the user back to where they were but will not give the user a message sent confirmation.
2. I use something like:
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = test_input($_POST["name"]);
    $email = test_input($_POST["email"]);
    $comment = test_input($_POST["comment"]);
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
Plus some field validation/error messages in the form.
Hopefully this will keep me on my HTML contact page and allow feedback to users of errors filling in fields, and a message sent confirmation.
Is the second method safe against Cross-site scripting and other hacking methods?
I am getting my info from the www3schools.com.
I just want rid of the spam and virus attacks an email address on a website causes.
Any comments, thoughts, sites with relevant info, alternatives appreciated.
Thanks Penguin
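
An added example, not part of the original post: the test_input() filter from method 2 escapes HTML but leaves a line break inside a value untouched, which matters once the value is placed in mail() headers as in method 1. The names validate_contact and send_contact, the example.com addresses and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example, not the poster's code; names and addresses are placeholders.

// The filter from method 2, reproduced for comparison.
function test_input($data) {
    return htmlspecialchars(stripslashes(trim($data)));
}

// Returns a list of error messages; an empty list means the fields may go to mail().
function validate_contact(array $post): array {
    $errors  = [];
    $name    = trim($post['name'] ?? '');
    $email   = trim($post['email'] ?? '');
    $comment = trim($post['comment'] ?? '');
    // A CR or LF inside a value placed in a header or subject starts a new header line.
    if ($name === '' || preg_match('/[\r\n]/', $name)) {
        $errors[] = 'Please enter your name on a single line.';
    }
    // FILTER_VALIDATE_EMAIL rejects anything containing a line break.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($comment === '') {
        $errors[] = 'Please enter a message.';
    }
    return $errors;
}

// Call only after validate_contact() returned no errors.
function send_contact(array $post): bool {
    $to      = 'owner@example.com';            // placeholder recipient
    $subject = 'Website enquiry from ' . trim($post['name']);
    // Fixed From on the site's own domain; the visitor's address goes in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: " . trim($post['email']);
    return mail($to, $subject, trim($post['comment']), $headers);
}

// Constructed sample: an email field carrying an embedded line break.
$sample = ['name' => 'Visitor', 'email' => "visitor@example.com\r\nX-Injected: 1", 'comment' => 'Hello'];

// Is the line break still present after test_input()?
var_dump(strpos(test_input($sample['email']), "\n") !== false);

// What does the validator say about the same input?
$errors = validate_contact($sample);
var_dump($errors);
if (!$errors) {
    send_contact($sample);
}
```

htmlspecialchars() belongs at the point where a submitted value is echoed back into the HTML page, which is the cross-site scripting case; it does nothing for values that go into mail headers.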
