[Phpwm] Securing feedback forms
David Johnson
dj at david-web.co.uk
Wed Nov 1 12:14:29 GMT 2006
On Wednesday 01 November 2006 11:00, Greg Jones wrote:
>
> only from the beginning or end of the string though, not anywhere within
> it.
>
Sigh. That'll teach me to read things properly in future...
Thanks for all the suggestions. I'm now doing the following to user input:
* checking the string length is not greater than the maxlength of the text box
* checking for \n and \r control characters
* doing addslashes, trim and strip_tags (to stop me receiving garbage, rather
than to increase security)
* checking for multiple occurrences of '@' in the provided from address
Hopefully that should keep the spammers away for a while, unless anyone can
think of something I've missed. I remember the days when you could just stick
your e-mail address in a mailto: link on your website without fear...
Cheers,
David.
More information about the Phpwm
mailing list