
[LUG]Re: submit-message form on website

 

Quick dumb (?) question on PHP

Checking if “myscript.php” will only do something if called by “forms” “POST” method

One variant
if(isset($_POST['submit'])){

is another variant of same check?
if ($_SERVER["REQUEST_METHOD"] == "POST") {

Sorreeeee….!
Trying to get up to speed ASAP


> On 5 Jul 2023, at 21:28, Simon Avery <digdilem@xxxxxxxxx> wrote:
> 
> Hi Rich, 
> 
> PHP web to email forms have a long and murky history - not helped by one of the 
> most popular early ones being very easy to manipulate - and it was! I've no doubt 
> it's still out there in many places and acting as an open relay for thousands of 
> badly intentioned people. I certainly see bots searching for it on my web servers.
> 
> The technical side of writing a web form is really very easy, php has email 
> built-in after all, or you can use a local or remote smtp server to send it. 
> 
> Follow a few basic rules, and ensure you read up on php and web security first 
> (there's lots of good guides out there so I won't repeat them badly here)
> 
> DO: Sanitise input. 
> DO: Hardcode the "To" address, always, to stop it being used as an open gateway.
> 
> It will be abused, of course, and almost instantly. Bots are crawling html 
> constantly for any form elements and will try to send spam through them. Why not, 
> it costs them nothing?
> 
> But generally - as with all things security - you can never be totally secure. If 
> you have doubts, don't do it, or use one of the many freely available webforms,  
> even if they're commercially operated.
> 
> (The first example on your link is horrible - even if just because it doesn't 
> hardcode the from. The first replier has fixed that.)
> 
> On Sun, 2 Jul 2023 at 00:27, rds_met <dcglug@xxxxxxxxxxxxxxx> wrote:
> Hello all
> 
> I found suggested code here:
> https://stackoverflow.com/questions/18379238/send-email-with-php-from-html-form-on-submit-with-the-same-script
> 
> I copied the coupled html-forms code and PHP code into the two
> respective files.
> With due edits for my individual details.
> 
> It seems to work perfectly.
> 
> Anyone comment how
> * secure
> * etc.
> this is?
> 
> Best wishes,
> Rich Smith
> 
> --
> The Mailing List for the Devon & Cornwall LUG
> FAQ: https://www.dcglug.org.uk/faq/

--
The Mailing List for the Devon & Cornwall LUG
FAQ: https://www.dcglug.org.uk/faq/
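
Added example, not part of the original thread or of the linked Stack Overflow code: it runs the two checks from the question side by side over constructed requests and applies the two rules from the quoted reply (sanitise input, hardcode the "To" address). The addresses, the field names email, subject and message, and the helper functions are assumptions made for illustration.

```php
<?php
// Added example with constructed requests; nothing is sent.
const MAIL_TO   = 'webmaster@example.org'; // placeholder: fixed recipient, never taken from the form
const MAIL_FROM = 'webform@example.org';   // placeholder: fixed sender

// True for any POST request, whatever fields it carries.
function is_post(array $server): bool {
    return ($server['REQUEST_METHOD'] ?? '') === 'POST';
}

// True only when a field named "submit" arrived in the POST body.
function has_submit(array $post): bool {
    return isset($post['submit']);
}

// Read one form field as a trimmed string; arrays and missing fields become ''.
function field(array $post, string $key): string {
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Returns the arguments for mail(), or null when the request is rejected.
function build_mail(array $server, array $post): ?array {
    $email   = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL);
    $message = field($post, 'message');
    if (!is_post($server) || $email === false || $message === '') {
        return null;
    }
    // The subject becomes a header line: replace CR/LF and other control characters.
    $subject = preg_replace('/[\x00-\x1F\x7F]+/', ' ', field($post, 'subject'));
    return [
        'to'      => MAIL_TO,
        'subject' => 'Website form: ' . substr($subject, 0, 80),
        'body'    => "Visitor address: $email\n\n$message",
        'headers' => 'From: ' . MAIL_FROM,
    ];
}

$ok = ['email' => 'visitor@example.com', 'subject' => 'Hello', 'message' => 'Test message'];
$requests = [ // constructed: [$_SERVER-like array, $_POST-like array]
    'form with button named submit' => [['REQUEST_METHOD' => 'POST'], $ok + ['submit' => 'Send']],
    'POST without a submit field'   => [['REQUEST_METHOD' => 'POST'], ['subject' => "Hi\r\nX-Injected: 1"] + $ok],
    'plain GET'                     => [['REQUEST_METHOD' => 'GET'], []],
];
foreach ($requests as $label => [$server, $post]) {
    $mail = build_mail($server, $post);
    printf("%-30s is_post=%d has_submit=%d subject=%s\n", $label, is_post($server), has_submit($post), $mail ? json_encode($mail['subject']) : 'rejected');
}
```

In a live script the returned array would be passed to mail() as its to, subject, message and additional-headers arguments, with $_SERVER and $_POST in place of the constructed arrays.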