[Phpwm] Securing feedback forms

David Johnson dj at david-web.co.uk
Wed Nov 1 12:14:29 GMT 2006


On Wednesday 01 November 2006 11:00, Greg Jones wrote:
>
> only from the beginning or end of the string though, not anywhere within
> it.
>

Sigh. That'll teach me to read things properly in future...

Thanks for all the suggestions. I'm now doing the following to user input:
* checking the string length is not greater than the maxlength of the text box
* checking for \n and \r control characters
* doing addslashes, trim and strip_tags (to stop me receiving garbage, rather 
than to increase security)
* checking for multiple occurrences of '@' in the provided from address

Hopefully that should keep the spammers away for a while, unless anyone can 
think of something I've missed. I remember the days when you could just stick 
your e-mail address in a mailto: link on your website without fear...

Cheers,
David.
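
The checks listed in the message above, as an added PHP example that is not code from the original post. The field names, length limits and sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Field names and length limits are assumptions.
const MAX_LENGTHS = ['name' => 60, 'from' => 100, 'subject' => 120, 'message' => 2000];
// Fields that end up in mail headers must never contain CR or LF.
const HEADER_FIELDS = ['name', 'from', 'subject'];

/**
 * Returns [cleanFields, errors]. Send mail only when errors is empty.
 */
function check_feedback(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (MAX_LENGTHS as $field => $max) {
        $value = $input[$field] ?? '';
        if (!is_string($value)) {          // e.g. from[]=x arrives as an array
            $errors[] = "$field: not a string";
            continue;
        }
        // Length is enforced server-side; the form's maxlength is only advisory.
        if (strlen($value) > $max) {
            $errors[] = "$field: longer than $max bytes";
        }
        // Look for CR/LF anywhere in the raw value, before trim() can
        // remove one from the start or end and hide it.
        if (in_array($field, HEADER_FIELDS, true) && strpbrk($value, "\r\n") !== false) {
            $errors[] = "$field: contains CR or LF";
        }
        $clean[$field] = trim(strip_tags($value));
    }
    // Reject more than one '@' in the from address.
    if (isset($clean['from']) && substr_count($clean['from'], '@') > 1) {
        $errors[] = "from: more than one '@'";
    }
    return [$clean, $errors];
}

// Constructed sample input: the second has a CR/LF inside the from field.
$samples = [
    ['name' => 'Ann', 'from' => 'ann@example.org', 'subject' => 'Hi', 'message' => "Line 1\nLine 2"],
    ['name' => 'Bob', 'from' => "bob@example.org\r\nX-Test: a@example.net", 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $s) {
    [, $errors] = check_feedback($s);
    echo $errors ? implode('; ', $errors) : 'ok', "\n";
}
```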


