Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Need contact forms processing recommendation

Need contact forms processing recommendation

Need contact forms processing recommendation

I'm looking to implement Google's reCAPTCHA v2 "I am not a robot" captcha on several web forms, which will integrate best for us if it submits to a PHP (vs. PERL) script. Our contact/info forms are currently submitting to a 2004 PERL script, NMS FormMail, which seems to just line up form keys and values, then email it to a designee.

I'm looking for a PHP form-processing script that does the same thing (i.e. emailing of generic form fields & data on submit), but which which also provides more modern security against data injection or other (?) exploits.

Any thoughts for me?

RE: Need contact forms processing recommendation

Why are you concerned about data injection if you don't mention any database and apparently have the form send to a specific designee? Are there other ways to inject data?

The question may be less difficult than you make it. https://www.google.com/search?q=contact+forms+proc...

RE: Need contact forms processing recommendation

I've been given to understand by our hosting company that contact forms are vulnerable to spamming and can be exploited for use as a bulk mail relay. I turned up one possible method at (https://jonathannicol.com/blog/2006/12/09/securing...).

I haven't done a lot of research into how our 14-year-old PERL submission script might be vulnerable... I was just interested in a more modern submission script that at least made an effort to combat spam and other possible exploits.

In the end, we just added a captcha to the form and updated our processing script to the currently-maintained Tectite FormMail, so I think we're covered for the moment.

RE: Need contact forms processing recommendation

The unfortunate truth is that very little has changed with form email in the past decades. One can use a poorly crafted form processor today or one created 14 years ago. Your Perl form processor may have been fine. Your hosting company could have stated exactly what they perceived as vulnerable on your site, if they were not making a general comment about all of their customers.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close