Reply To: PHP Contact Form: errors execute for every field rather than individually
Ok, so the contact form I am using is quite a few years old now, but I am trying to modify it for PHP v5.4.
It’s still in progress, so little things like the ‘$errors .=’ concatenation all need to be changed to ‘$errors =’, which I have now done.
I need to change the preg_match for the user input fields; yes, they are too prejudiced against foreign languages. I need to change that, and the same goes for the ‘message’ input too. Thanks for letting me know.
So, this form I am using, I am not querying a database, so would you think sanitizing the input fields is pointless? Do you think I should just stick with validating the inputs with just preg_match patterns, and is that enough, or should I use strip_tags? You see also, I’m not entirely sure if my sanitizations are even working properly either.
I think I also may have to escape output strings too, what do you think?
And for the magic_quotes_gpc, which I didn’t realise was deprecated, what do you think is a better alternative to use for PHP v5.4?
I am still new to validating PHP input and proper standards for deterring security holes for XSS, header exploits, etc…
In your opinion, am I going in the right direction about protecting the form?
So sorry for this late reply…
Thanks :)
Your help is much appreciated!
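
An added example, not part of the original post or the poster's form: one way to separate the three concerns raised above for a form that only sends mail, namely validating each field on its own, rejecting line breaks in anything that could reach a mail header, and escaping for HTML only at output time. The field names, length limits, helper names and sample submission are assumptions made for illustration.

```php
<?php
// Added example: field names and limits are assumptions, not from the original form.

// Reject CR/LF (and NUL), which is what makes mail-header injection possible.
function has_header_injection($value) {
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Validate each field on its own and collect errors per field,
// so one bad field does not flag every field.
function validate_contact(array $in) {
    $name    = isset($in['name'])    ? trim($in['name'])    : '';
    $email   = isset($in['email'])   ? trim($in['email'])   : '';
    $message = isset($in['message']) ? trim($in['message']) : '';
    $errors  = array();

    // \p{L} and \p{M} with the /u flag accept letters from any script.
    if (has_header_injection($name) || !preg_match('/^[\p{L}\p{M} .\'-]{1,80}$/u', $name)) {
        $errors['name'] = 'Please enter a valid name.';
    }
    if (has_header_injection($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    // The message goes into the mail body, so newlines are fine; only bound its length.
    if (!preg_match('/^.{1,5000}$/us', $message)) {
        $errors['message'] = 'Please enter a message (max 5000 characters).';
    }
    return array($errors, compact('name', 'email', 'message'));
}

// Escape at output time, for the HTML context, instead of altering the input itself.
function e($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission: line break in the email field, markup in the name.
$sample = array(
    'name'    => 'Zoë <b>Müller</b>',
    'email'   => "visitor@example.com\r\nX-Injected: 1",
    'message' => "Hello,\nI have a question.",
);
list($errors, $clean) = validate_contact($sample);

foreach ($errors as $field => $text) {
    echo e($field) . ': ' . e($text) . "\n";
}
// Redisplay the submitted value safely in the form.
echo '<input name="name" value="' . e($clean['name']) . '">' . "\n";
```

magic_quotes_gpc was removed in PHP 5.4; escaping per output context, as `e()` does for HTML here, takes its place.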