Hi,
I have some php code that reads users submissions from a form and then posts these to a specified email address. I need help with making sure the code is secure from hacking - by validating the form data, this is what I have so far:
Here is the PHP code for the form - I have one array field (hence the isset) the rest is standard:
[php]<?php
$body = “These comments were sent via the website\n\n”;
if ( isset($_POST[‘Q1’]) ) {
$_POST[‘Q1’] = implode(’, ', $_POST[‘Q1’]);
}
foreach($_POST as $field => $value) {
$body .= sprintf("%s = %s\n\n", $field, $value );
}
mail("[email protected]", “Comments sent via website”, $body,
‘From: “MySite.com” [email protected]’);
?>[/php]
Here is the typical security I am looking to implement:
[php]<?php
function check_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
}
?>[/php]
How can I implement this security feature with the form php code - I am not really sure about this part?
Also, would a captcha be necessary/good idea also along with the htmlspecialcharts etc?
Thanks for any help,
Andy 