-
February 23rd, 2009, 01:45 PM
#1
New to forms. Validating a form which sends an email. Security.
Hi,
I am creating a contact-us form, which when submitted sends an email to the site's admin.
As the form is not placing data into the database, but simply sending an email containing the submitted data to the admin's email, do I need to do any PHP validation? Or can I just use the client side JavaScript?
If a hacker disables JavaScript, I'm worried that they may use it for malicious purposes.
Thanks for any help!
-
February 23rd, 2009, 03:19 PM
#2
Re: New to forms. Validating a form which sends an email. Security.
If security is an issue in any way, shape, or form, then use the server-side to process the form. However, since you are sending an e-mail, which requires the server-side, why not just validate it on the server side as well?
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
-
February 23rd, 2009, 03:41 PM
#3
Re: New to forms. Validating a form which sends an email. Security.
Thanks for helping PeejAvery, appreciated.
So from reading your explanation, I DO have to use some server-side validation due to the fact that it is PHP which will be sending the form, yes?
Also, I must ask, on my form, Home Address is not a required field, so should I look to have:
a) If field is empty, accept
b) If not empty, should only contain alpha-numeric characters and spaces.
Any advice is great,
again, thanks!
-
February 23rd, 2009, 04:59 PM
#4
Re: New to forms. Validating a form which sends an email. Security.
You never have to use server-side validation, but it is secure. JavaScript is never secure. But, in this case, since you have to use server-side code in order to send an e-mail, it would be foolish not to do the validation on the server-side as well. It would only be a little more work.
Originally Posted by Swerve
a) If field is empty, accept
http://us.php.net/empty
Originally Posted by Swerve
b) If not empty, should only contain alpha-numeric characters and spaces.
http://www.google.com/search?source=...0&oq=php+alpha
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
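The two address rules discussed above (accept an empty field, otherwise letters, digits and spaces only) written as server-side PHP, as an added example that is not part of the original thread. It goes slightly beyond the address field to cover the other values a contact form hands to mail(); the field names and admin@example.com are assumptions.

```php
<?php
// Added example, not code from the thread. Field names and ADMIN_EMAIL are assumptions.
const ADMIN_EMAIL = 'admin@example.com'; // placeholder address

// Return a trimmed string field, or '' when it is missing or not a string (e.g. name[]=x).
function field(array $in, string $key): string
{
    return isset($in[$key]) && is_string($in[$key]) ? trim($in[$key]) : '';
}

// Validate the submitted form; returns [cleanValues, errors].
function validate_contact(array $in): array
{
    $v = ['name' => field($in, 'name'), 'email' => field($in, 'email'),
          'address' => field($in, 'address'), 'message' => field($in, 'message')];
    $e = [];
    // The name ends up in the Subject header: no control characters, so no CR/LF.
    if (!preg_match('/\A[^\x00-\x1F\x7F]{1,100}\z/', $v['name'])) {
        $e['name'] = 'Name is required (max 100 bytes, no line breaks).';
    }
    // FILTER_VALIDATE_EMAIL rejects malformed addresses, including embedded CR/LF.
    if (filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false) {
        $e['email'] = 'A valid e-mail address is required.';
    }
    // a) empty is accepted; b) otherwise letters, digits and spaces only.
    // Compared with === '' because empty('0') is true in PHP.
    if ($v['address'] !== '' && !preg_match('/\A[A-Za-z0-9 ]{1,200}\z/', $v['address'])) {
        $e['address'] = 'Address may contain only letters, digits and spaces.';
    }
    if ($v['message'] === '' || strlen($v['message']) > 5000) {
        $e['message'] = 'Message is required (max 5000 bytes).';
    }
    return [$v, $e];
}

// Constructed sample submissions; in the real handler pass $_POST instead.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'address' => '', 'message' => 'Hello'],
    ['name' => "Bob\r\nX-Injected: 1", 'email' => 'bob@example.org',
     'address' => '12 High St. #4', 'message' => 'Hi'],
];
foreach ($samples as $post) {
    [$v, $errors] = validate_contact($post);
    if ($errors) {
        echo 'rejected: ' . implode(' | ', $errors) . "\n";
        continue;
    }
    // User input goes in the body; only the validated e-mail reaches a header.
    $headers = 'From: ' . ADMIN_EMAIL . "\r\nReply-To: " . $v['email'];
    $body = "Name: {$v['name']}\nAddress: {$v['address']}\n\n{$v['message']}";
    echo "accepted: would mail admin, reply-to {$v['email']}\n";
    // mail(ADMIN_EMAIL, 'Contact form: ' . $v['name'], $body, $headers);
}
```

The patterns use `\A` and `\z` rather than `^` and `$`, because `$` also matches just before a trailing newline.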
-
February 24th, 2009, 12:27 PM
#5
Re: New to forms. Validating a form which sends an email. Security.
If you need to validate something for sure, always use both client side and server side validation. Client side validation is achieved with JavaScript, while server side with the preferred language you use for the app (in your case PHP).
Modern frameworks simplify this job for you, generating the JavaScript for every validation you define in related configuration files (usually XML).
BTW if you just need an email form, do you really care what people would put inside?