Jump to content

Form Tutorial Help


ben03
 Share

Recommended Posts

Hi there,

  I was using the https://www.w3schools.com/php/php_form_validation.asp tutorial to create a form that strips out malicious tags etc via the following. However when I receive the form the tags seem to be intact. Is what I am doing wrong and how should I correct it if so?

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<?php

$phone = $location = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $phone = test_input($_POST["phone"]);
    $location = test_input($_POST["location"]);

    $toEmail = 'email@address.com';
    $emailSubject = 'Callback request form';
    $headers = ['From' => 'homepage', 'Reply-To' => 'noreply', 'Content-type' => 'text/html; charset=iso-8859-1'];

    $bodyParagraphs = ["Callback request number: {$phone}<br />", "Location: {$location}"];
    $body = join(PHP_EOL, $bodyParagraphs);

    if (mail($toEmail, $emailSubject, $body, $headers)) {
        echo '<p>Thank you for your interest, we will respond as soon as possible.</p>';
    } else {
        echo '<p>Something went wrong. Please try again later.</p>';
    }
}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
?>

 

Link to comment
Share on other sites

Just now, niche said:

Potentially, there are all kinds to potential security issues not covered by:

http:// https://www.w3schools.com/php/php_form_validation.asp

Everything from malicious attacks to cleaning inputs. 

EDIT:

PDO doesn't even cover them all.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...