Larry Ullman's Book Forums

Bulletproof Php Contact Form


Recommended Posts

Hi Larry,

 

I just read your book and it was a very pleasant read and exactly the basic understanding of PHP that I wanted to help me as a web designer. Right now I am trying to make a basic contact form for a website (name, email, phone, message, submit) that will be emailed to the email address I specify. I know you covered a few aspects of working with contact forms in your book, such as validating entries and protecting from malicious users, but I was wondering if there was anything that wasn't covered in the book that I would want to include (I know it is only a beginner's book and couldn't have covered everything). Even better, do you know of any really good "bulletproof" script samples online that I could use as a reference? I figure I don't need to reinvent the wheel with only my basic knowledge of PHP. I've searched around online and found lots of script samples, but I just don't know whom to trust. I plan to use this script on websites that I am charging clients money for, so I want to feel confident in it :) Here are a couple of things that I think I want based on what I have found online (please let me know if I have missed anything important):

 

1-protects against spam (is the only way to do this using Captcha?)

2-validates entries (I read that I should validate it with javascript in addition to php, so that users don't have to leave the page/erase entries if they have javascript enabled)

3-protects from malicious users

 

Here is one sample tutorial I found that uses jquery/php. (http://www.raymondselda.com/php-contact-form-with-jquery-validation/)

Here is another basic tutorial on how to validate with php. (http://myphpform.com/validating-forms.php)

 

Any input would be appreciated. Thanks!

 

PS: I plan on getting your new upcoming version of PHP and MySQL. Hope that is going well! I want to learn more advanced PHP because I am starting to work with the WordPress CMS. Hey, there's your next book idea! I can already connect some of the dots after reading this book, but a book that specifically breaks down all the PHP components of the WordPress core and theme creation for PHP beginners would be awesome. I think a lot of designers are in my shoes where we know HTML/CSS and are trying our best to just modify the PHP code in WordPress as we go along without having a solid grasp of it.


Hi Tonyk,

 

I haven't got the book you're using, but I can try and help you. In terms of a captcha, not quite. A captcha only really tries to protect you from robots using your form, the idea being that a robot can't read the captcha but a human can. They are actually relatively easy to install and make you feel pleased with the end result. You can also just use a simple maths question; I see that used a lot too. What a captcha can't protect against is human spam. I could go on to your form and pass captcha validation, but then use various headers to try and spam your form. So, in short, a captcha can be helpful.

Validation of entries is always a good step, but you don't actually need JavaScript to validate it, although it does look nice and enhance the user experience. If you make your form sticky, you will not erase entries if there was an error.

Finally, I would say that in a contact form the main focus should be stopping malicious input. Larry's book that you're waiting for did (in the previous edition that I have) have a topic regarding sending mail and scrubbing spam that you'll find very helpful for your form.

 

Regarding WP, I don't use it; I have played with it, however. I think it's OO, so without a solid base of PHP to start with I think it would be hard to get your head around. I may be wrong.

 

Anyway, let me know how you get on ;)

  • Upvote 1

- Escape your queries. mysqli_real_escape_string or prepared statements (if this is for a database)

- type force (int) and use ctype_digit() on numbers.

- Check length of string

- Check if it contains values (!= null, !empty(), isset())

- Regex for email

- Check out jQuery validate UI (it's great!)

 

This will take you far. :)

 

Good luck

  • Upvote 1
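Putting the checklist above into code: the following is an added example written for this thread, not code from the book or from any of the posts. It is the server side of the form Tony described (name, email, phone, message), with the required/length checks, `ctype_digit()` on the numeric field, the Filter extension for the address instead of a hand-written regex, and an escaped helper for making the form sticky. Field names, length limits and messages are assumptions. The escaping/prepared-statement items are left out because the form is emailed rather than stored in a database, and the `(int)` cast does not fit a phone number with separators, so `ctype_digit()` does that job.

```php
<?php
declare(strict_types=1);

// Added example: server-side validation of a contact form (name, email, phone,
// message). Field names and limits are assumptions for illustration.

/**
 * Validate $post (normally $_POST). Returns ['clean' => [...], 'errors' => [...]].
 * Every check runs on the server even if JavaScript already validated the form:
 * the client is untrusted and JavaScript is only a convenience for the user.
 */
function validate_contact_form(array $post): array
{
    $clean  = [];
    $errors = [];

    // Read a field as a trimmed string; a missing or non-string field is ''.
    $field = static function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };

    // Name: required (isset/!empty after trim) and length-bounded.
    $name = $field('name');
    if ($name === '') {
        $errors['name'] = 'Name is required.';
    } elseif (mb_strlen($name) > 80) {
        $errors['name'] = 'Name must be 80 characters or fewer.';
    } else {
        $clean['name'] = $name;
    }

    // Email: the Filter extension, not a home-grown regex.
    $email = $field('email');
    if ($email === '') {
        $errors['email'] = 'Email is required.';
    } elseif (mb_strlen($email) > 254
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    } else {
        $clean['email'] = $email;
    }

    // Phone: optional; strip common separators, then ctype_digit() on the rest.
    $phone = $field('phone');
    if ($phone !== '') {
        $digits = str_replace([' ', '-', '(', ')', '.', '+'], '', $phone);
        if (!ctype_digit($digits) || strlen($digits) < 7 || strlen($digits) > 15) {
            $errors['phone'] = 'Phone may contain only digits and separators (7 to 15 digits).';
        } else {
            $clean['phone'] = $digits;
        }
    }

    // Message: required, with an upper bound so the form cannot relay huge bodies.
    $message = $field('message');
    if ($message === '') {
        $errors['message'] = 'Message is required.';
    } elseif (mb_strlen($message) > 5000) {
        $errors['message'] = 'Message must be 5000 characters or fewer.';
    } else {
        $clean['message'] = $message;
    }

    return ['clean' => $clean, 'errors' => $errors];
}

/** Value for a sticky form field: HTML-escaped, never echoed raw. */
function sticky_value(array $post, string $key): string
{
    $v = isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission (not real data): bad email, bad phone.
$sample = [
    'name'    => ' Tony K ',
    'email'   => 'tony at example.com',
    'phone'   => '555-CALL-NOW',
    'message' => 'Hello, I would like a quote.',
];
$result = validate_contact_form($sample);
// $result['errors'] now has keys 'email' and 'phone'; 'clean' has name and message.
if ($result['errors'] !== []) {
    // Re-render the form with the visitor's input preserved and the errors shown.
    echo '<input type="text" name="name" value="' . sticky_value($sample, 'name') . '">' . "\n";
    foreach ($result['errors'] as $f => $msg) {
        echo "$f: $msg\n";
    }
} else {
    echo "Valid: hand \$result['clean'] to the mail-sending step.\n";
}
```

Only `$result['clean']` should ever reach the mail step; the raw `$_POST` values are used solely to refill the form, and only after `htmlspecialchars()`.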

Hello Tony,

 

Thanks for the nice words on the book and for your interest in my other books. This is a good question. Besides what Antonio and Jonathon have added (thanks!), in my PHP & MySQL book, I have a "spam scrubber" function that can catch potential spamming hooks found in the entire form data submission. I also, if using a version of PHP that supports it, recommend using the Filter extension of PHP to validate email addresses.

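Antonio's point about someone passing the captcha and then "using various headers" and Larry's spam scrubber both concern the same attack: a newline plus a header name (such as `Bcc:`) smuggled into a field that ends up in a mail header. The following is an added example of the sending step, written for this thread; it is not the book's `spam_scrubber()` and not code from any of the posts. The recipient, sender address and field names are assumptions, it expects the fields to have been validated already (as in the checklist above), and it repeats the Filter-extension check on the address that lands in `Reply-To`. It needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

// Added example (not the book's spam_scrubber() nor code from this thread):
// stop email header injection in a contact form before calling mail().
// Addresses and field names are placeholders/assumptions. Needs PHP 7.1+.

// Header names an attacker smuggles into a field to add recipients or change
// the message type. A false positive on "to:" inside a *name* is acceptable.
const HEADER_HOOKS = ['content-type:', 'mime-version:', 'multipart-mixed:',
                      'content-transfer-encoding:', 'bcc:', 'cc:', 'to:', 'from:'];

/** Remove CR, LF, NUL, their URL-encoded forms and known hooks from a header-bound value. */
function scrub_header_value(string $value): string
{
    $value = str_replace(["\r", "\n", "\0", '%0a', '%0A', '%0d', '%0D'], ' ', $value);
    $value = str_ireplace(HEADER_HOOKS, '', $value);
    return trim($value);
}

/** True if a header-bound value contains anything scrub_header_value() would remove. */
function has_header_injection(string $value): bool
{
    if (preg_match('/[\r\n\0]|%0[aAdD]/', $value) === 1) {
        return true;
    }
    foreach (HEADER_HOOKS as $hook) {
        if (stripos($value, $hook) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Build the four mail() arguments for an already-validated submission, or
 * return null when the header-bound fields carry an injection attempt.
 * $clean holds name, email, message and optionally phone.
 */
function build_contact_mail(array $clean, string $recipient, string $sender): ?array
{
    // Only name (-> Subject) and email (-> Reply-To) reach the headers. The body
    // cannot inject headers, so it keeps its line breaks.
    if (has_header_injection($clean['name']) || has_header_injection($clean['email'])) {
        return null; // treat as spam: do not send
    }
    // The Reply-To address must still be syntactically valid (Filter extension).
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $subject = 'Website contact from ' . scrub_header_value($clean['name']);

    // From is a mailbox on your own domain, so the message is sent as you;
    // the visitor's address goes in Reply-To only.
    $headers = implode("\r\n", [
        'From: ' . $sender,
        'Reply-To: ' . $clean['email'],
        'Content-Type: text/plain; charset=UTF-8',
        'X-Mailer: PHP/' . PHP_VERSION,
    ]);

    // Body: normalise line endings, drop NUL, wrap long lines (RFC 5322 wants <= 78).
    $message = str_replace(["\r\n", "\r", "\0"], ["\n", "\n", ''], $clean['message']);
    $body = "Name: {$clean['name']}\n"
          . "Email: {$clean['email']}\n"
          . 'Phone: ' . ($clean['phone'] ?? '(not given)') . "\n\n"
          . wordwrap($message, 70, "\n", true);

    return [$recipient, $subject, $body, $headers];
}

// Constructed submissions (not real data): one legitimate, one injection attempt.
$legit  = ['name' => 'Tony K', 'email' => 'tony@example.com',
           'message' => "Hello,\nI would like a quote for a five-page site."];
$attack = ['name' => "Tony\r\nBcc: victim1@example.net, victim2@example.net",
           'email' => 'tony@example.com', 'message' => 'Buy now'];

foreach ([$legit, $attack] as $submission) {
    $args = build_contact_mail($submission, 'you@example.com', 'website@example.com');
    if ($args === null) {
        echo "Rejected: header injection detected\n";
        continue;
    }
    [$to, $subject, $body, $headers] = $args;
    // mail($to, $subject, $body, $headers); // enable on a configured mail server
    echo "Would send to $to with subject: $subject\n";
}
```

Two design choices worth noting: an injection attempt is rejected outright rather than silently cleaned and sent, and the visitor's address is placed in `Reply-To` rather than `From`, so the message is always sent from a mailbox you control.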
