PHP form problem

    Date: 12/05/05 (PHP Community)    Keywords: mysql, sql, security

    I was just asked to take a look at a form here at work. The purpose of it is to allow people to sign up for a mailing list: first name, last name, email. It takes the details from the form and just adds them to a MySQL db without doing any error checking. The client has just said that they're getting all kinds of weird entries. What's showing up looks like pieces from email headers. I just took a look at the script (which I didn't write) and there doesn't seem to be any security on it to restrict access to the form script to just the client's domain. All of the weird entries seem to be coming from the same email address (onemoreaddress@hotpop.com).

    My guess is that someone is submitting info to the form through another domain or otherwise hacking the form/db. Has anyone had a problem like this before or have any other opinions on what might be causing it?

    I'm going to add in some error checking and see if I can set up something to only allow the form to be processed if submitted on the client's domain. Anything else I should think about?

    Source: http://www.livejournal.com/community/php/374052.html
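
An added example, not part of the original post or of the script it describes: one way to do the error checking mentioned above in PHP, rejecting control characters and header-like strings in the three fields and inserting through a prepared statement. The field names, the `subscribers` table and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example. Field names, table name and samples are hypothetical.

// Returns [clean values, list of errors] for one form submission.
function validate_signup(array $in): array
{
    $clean = [];
    $errors = [];
    foreach (['first_name', 'last_name', 'email'] as $field) {
        $raw = isset($in[$field]) && is_string($in[$field]) ? $in[$field] : '';
        // A single-line field has no reason to carry CR, LF or other control
        // characters; header fragments need them to span lines.
        if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
            $errors[] = "$field: contains control characters";
            continue;
        }
        $value = trim($raw);
        if ($value === '' || strlen($value) > 100) {
            $errors[] = "$field: empty or too long";
        } elseif (preg_match('/\b(content-type|mime-version|b?cc|to|from|subject)\s*:/i', $value)) {
            $errors[] = "$field: looks like an email header";
        } elseif ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'email: not a valid address';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Placeholders keep the submitted values out of the SQL text.
function store_signup(PDO $db, array $c): void
{
    $stmt = $db->prepare(
        'INSERT INTO subscribers (first_name, last_name, email) VALUES (?, ?, ?)'
    );
    $stmt->execute([$c['first_name'], $c['last_name'], $c['email']]);
}

// Constructed sample submissions: one normal, two carrying header fragments.
$samples = [
    ['first_name' => 'Ann', 'last_name' => 'Lee', 'email' => 'ann.lee@example.com'],
    ['first_name' => "x\r\nContent-Type: text/plain", 'last_name' => 'y', 'email' => 'probe@example.com'],
    ['first_name' => 'bcc: someone@example.org', 'last_name' => 'y', 'email' => 'not-an-address'],
];
foreach ($samples as $s) {
    [$clean, $errors] = validate_signup($s);
    echo $errors ? 'REJECT: ' . implode('; ', $errors) : 'ACCEPT: ' . $clean['email'], "\n";
}
```

These checks run on the server for every request; a Referer or domain check alone does not replace them, since that header is set by the client.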
