PHP email submit backend question

6 replies
I am creating a squeeze page for myself using html5/css.

I don't know php but I am using a short php script I put together from what I found on the net just for the email submission/sign-up form back end.

It works fine, but I want to make sure there are no security issues with this code.
How can I check this PHP code for possible security problems? Or do I not have to worry about this?
#backend #email #php #question #submit
  • InsolentCat
    As long as the email is only going to you, and that address is hard coded, you don't have too much to worry about.

    It's also a really good idea to make sure the permissions on the file are set to 644.
  • Terry Crim
    Post the code and see if someone can give you some pointers. There are quite a few form validation and email sending scripts, libraries and tutorials out there.

    Youtube has plenty of videos on these as well and how to write your own, what to look out for etc.

    The main thing is, if it will be using a database, there are special things you need to do to protect the database. Also, prevent someone from hijacking your script and sending out spam from it, which you would be legally and financially liable for even though you personally didn't send the spam; since it was sent from your hosting account and website, you would be the liable party anyway.

    Validate ALL input.
    Prevent someone from sending emails via the script.

    Those are the main things but not all. If you are not using a database it will be much easier to secure and many exploits won't necessarily need to be addressed in your script as you would if you were using a database.

    Post the code and someone can take a look and give suggestions, OR just use one of the many premade frameworks out there to do it for you. If you are using WordPress you can install plugins that will do all that for you without you needing to do any programming yourself.
    • Joe Ray
      Originally Posted by Terry Crim:
      The main thing is if it will be using a database, there are special things you need to do to protect the database if so. Also preventing someone from hijacking your script and sending out spam from it. Which you would be legally and financially liable for even though you personally didn't send the spam, but since it was sent from your hosting account and website you would be the liable party anyway.
      This is exactly what I am concerned about. Thanks very much Terry!

      I am not using WP, I am learning to code and creating my first site that I am writing from scratch.

      Basically, it's just a small site with 3 pages. I just placed the PHP script in the site folder and the script is sending the submitted email address to the autoresponder in my hosting package. I guess this could make it vulnerable to an attack? I am not sure.

      You think I should really just copy and post the code here in the forum?
  • jeffatrackaid
    I would check out:
    Free PHP Form script : Form to Email processor : Process web contact forms

    Depending on how your script is coded, you could have security issues relating to spam, cross site scripting or other issues.

    Bots regularly scan for forms like this and attempt to probe them for weaknesses.
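The two points raised above (Terry Crim's "validate ALL input" and "prevent someone from sending emails via the script", and jeffatrackaid's spam and cross-site scripting concerns) come down to a few concrete rules in a form-to-email script: keep the recipient hard-coded, never let visitor input reach the mail headers, reject anything that is not a single valid address, and escape anything you echo back. The following is an added example of a handler written that way; it is not the poster's script and not code from the forum. The field names (`email`, `name`, the hidden `website` honeypot), the placeholder addresses and the `/thanks.html` redirect are assumptions for illustration.

```php
<?php
// Added example: a minimal hardened form-to-email handler for a sign-up form.
// Assumptions: the form POSTs "email" and "name" plus a hidden "website" field;
// the recipient and sender addresses below are placeholders to replace.
declare(strict_types=1);

const RECIPIENT = 'you@example.com';        // placeholder: hard-code your own address
const SENDER    = 'noreply@example.com';    // placeholder: an address on your own domain
const SUBJECT   = 'New sign-up from the squeeze page';

/**
 * Validate a submitted email address. Returns the address or null.
 * Rejects anything containing CR/LF, which is what a mail header
 * injection relies on, and anything that is not one syntactically
 * valid address (so "a@b.com, c@d.com" is rejected too).
 */
function validate_email(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 254 || preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $clean = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : $clean;
}

/**
 * Clean a free-text field: drop control characters (including CR/LF)
 * and cap the length so it cannot carry extra headers or huge payloads.
 */
function sanitize_text(string $raw, int $max = 100): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $raw) ?? '';
    return substr(trim($clean), 0, $max);
}

/**
 * Build and send the notification. Visitor input goes only into the
 * body; every header is a fixed string, so the script cannot be turned
 * into a relay by adding "Bcc:" or "To:" lines to a field.
 */
function send_signup(string $email, string $name): bool
{
    $body = "New sign-up\n"
          . "Name:  " . $name  . "\n"
          . "Email: " . $email . "\n"
          . "Time:  " . date('c') . "\n";

    $headers = [
        'From: ' . SENDER,
        'Content-Type: text/plain; charset=UTF-8',
    ];

    return mail(RECIPIENT, SUBJECT, $body, implode("\r\n", $headers));
}

// ---- Request handling ---------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}

// Honeypot: real visitors never see or fill the hidden "website" field.
// Bots that stuff every field get a quiet 200 and nothing is sent.
if (($_POST['website'] ?? '') !== '') {
    http_response_code(200);
    exit;
}

$email = validate_email((string) ($_POST['email'] ?? ''));
$name  = sanitize_text((string) ($_POST['name'] ?? ''));

if ($email === null) {
    http_response_code(400);
    // Escape before echoing so a crafted value cannot become reflected XSS.
    $shown = htmlspecialchars((string) ($_POST['email'] ?? ''), ENT_QUOTES, 'UTF-8');
    exit('Please enter a valid email address (you entered: ' . $shown . ')');
}

if (send_signup($email, $name)) {
    header('Location: /thanks.html');   // placeholder thank-you page
    exit;
}

http_response_code(500);
exit('Sorry, something went wrong. Please try again later.');
```

The important design choice is that nothing the visitor typed is ever concatenated into the `$headers` array or used as a recipient; with the destination fixed and the headers fixed, there is no way for a submission to redirect or multiply the mail, which is the "hijacking your script to send spam" case in the replies above. The honeypot field and the strict validation cut down the automated form probing jeffatrackaid mentions, but they are not a replacement for rate limiting or a CAPTCHA if the form starts attracting volume.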
  • Joe Ray
    The more I am looking into this, the more complicated it seems. I still haven't figured out if my code is secure, but now I think it's probably not.

    There must be an easy way to secure this PHP code, but I don't know enough PHP to even have any idea how to do it.

    I still would appreciate some help with this.
  • Nick1SEO
    Try to use SMTP over the PHP Mail function, you'll get better results on a contact form.