Ben
Posts: 3
Posts posted by Ben
I'm actually with CalBear on this one. The shorter doctype is less code, faster, easy to remember and doesn't break anything. Unless you are required to have your pages "validate", use it for everything, starting now! The debates above over adoption of HTML5 elements and CSS3 declarations are something else entirely. Let's not confuse the issues.
As a student, it took me a good long while to figure out that the new ultra-short doctype is not some proposed standard that browsers need to eventually adopt, but rather a reverse-engineered thing that (it was discovered) already puts both modern and legacy browsers in "standards" mode. I wish this had been more clearly explained to me by someone earlier on, without going into all the related but separate HTML5 topics.
First, let me say thanks, I've found your PHP book (4th ed.) very useful for a beginner.
In your section on form submission, you give the example of checking a submitted email address in a form, to confirm that it only has one "@" symbol. You mention that, of course, this is only the tip of the iceberg as far as form security.
Now, I have a real-world project where I need a contact form to be fairly hack-resistant, and was wondering if you could point me to a "best practice" PHP script that is up-to-date in terms of validation and security. Something I could study, learn from, etc. There are of course gobs of these posted on various forums, but most are old, oversimple, and seem to lack any real security precautions.
The most useful, complete-seeming contact form script I've come across is here:
http://css-tricks.co...-functionality/
Can you comment/advise/direct on this topic? I know you're not in the business of cookbook-style examples but I need to get this right the first time!
Topic: Sample Contact Form Script? (in PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide, 4th Edition)
Thanks Larry. I know the site is called "css-tricks" but it's not all in the title! Don't judge a site by its URL?
The linked page is actually a PHP script with a host of form validation techniques. I understand the Filter extension you're referring to. That's great for a beginner to understand. I guess I was wondering if that's enough in the real world, in a security conscious production environment in the year 2012?
Here, below, is the PHP snippet from the link that I was referring to. It uses session-specific tokens, regular expressions to "clean" the email address, and writes any bounced efforts to a hacklog. I wanted to avoid dumping the whole snippet here but maybe it's easier to refer to directly:
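The linked snippet is not reproduced in this listing. As an added illustration, which is not the css-tricks script, the book's code or anything Ben posted, here is a PHP contact-form handler covering the three points named above (a session-specific token, Filter-extension email validation, a log of rejected submissions) plus the CR/LF check that stops mail-header injection; the file name, log path and mail addresses are assumed placeholders.

```php
<?php
// Added example (not the css-tricks script or the book's code): a defensive contact-form handler.
// Assumes PHP 7.1+; the log path and mail addresses are placeholders.
session_start();
const HACKLOG = __DIR__ . '/hacklog.txt'; // placeholder path for rejected submissions
// Record a rejected submission (the "hacklog" idea); control characters are stripped so input cannot forge log lines.
function log_rejection(string $reason): void {
    $ip   = $_SERVER['REMOTE_ADDR'] ?? '-';
    $line = date('c') . " $ip " . preg_replace('/[\x00-\x1F\x7F]/', '', $reason) . "\n";
    file_put_contents(HACKLOG, $line, FILE_APPEND | LOCK_EX);
}
// Returns null when the submission is acceptable, otherwise a short reason for the log.
function validate_contact(array $post, string $session_token): ?string {
    // Session-specific token; the empty check matters because hash_equals('', '') is true.
    if ($session_token === '' || !hash_equals($session_token, (string) ($post['token'] ?? ''))) {
        return 'bad csrf token';
    }
    $email = trim((string) ($post['email'] ?? ''));
    // The Filter extension is stricter than counting "@" signs; it rejects most malformed addresses.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }
    $subject = trim((string) ($post['subject'] ?? ''));
    // A CR or LF in anything that reaches mail() headers lets a sender add headers (Bcc: etc.).
    if ($subject === '' || strlen($subject) > 120 || preg_match('/[\r\n]/', $subject)) {
        return 'bad subject';
    }
    $message = trim((string) ($post['message'] ?? ''));
    if ($message === '' || strlen($message) > 5000) {
        return 'bad message';
    }
    return null;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $reason = validate_contact($_POST, (string) ($_SESSION['token'] ?? ''));
    unset($_SESSION['token']); // single use: a fresh token is issued with the next form
    if ($reason !== null) {
        log_rejection($reason);
        http_response_code(400);
        exit('Submission rejected.');
    }
    // The visitor's address goes in Reply-To only; From stays on our own domain (SPF/DMARC).
    $headers = "From: contact-form@example.com\r\nReply-To: " . trim($_POST['email']);
    mail('owner@example.com', 'Contact form: ' . trim($_POST['subject']), wordwrap(trim($_POST['message']), 70), $headers);
    exit('Thanks, your message was sent.');
}
// GET: issue a fresh token and render the form; htmlspecialchars keeps the value from breaking the markup.
$_SESSION['token'] = bin2hex(random_bytes(16));
$t = htmlspecialchars($_SESSION['token'], ENT_QUOTES, 'UTF-8');
echo "<form method=\"post\"><input type=\"hidden\" name=\"token\" value=\"$t\"><input name=\"email\"><input name=\"subject\"><textarea name=\"message\"></textarea><button>Send</button></form>";
```

The token and the CR/LF check address the two failure modes a plain "count the @ signs" check misses: forms submitted from another site and user-controlled text reaching mail() headers.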