I have a PHP website that is working well. It allows customers to make online reservations, and an email is sent to us. We have a message field, number of passengers and others. The message field is set to a 30-character limit and the number of passengers limit is 2 characters. Works well. However, some hackers are overwriting the message field to like 1000 characters and the number field to 20 characters. These people are like telemarketers. What can I do and how can I prevent this? Do I need to install some security software? Which one? Please suggest. Thanks in advance.

Here's the code:

/// Contact page
# of Passenger:
<textarea maxlength="150" placeholder="Message/Notes" rows="5" COLS="60" name="notes" title="Note/Message" style="height:71px; width:133px; margin-top:-47px;margin-left:175px;"></textarea>
<input type="submit" name="submit" value="Send"> <input type="button" value="Cancel" onClick="window.location='index.php';" name="Cancel" >
/// iProcess page
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$notes = $_POST['notes'];
$notes = htmlentities($notes, ENT_QUOTES, 'UTF-8');
$passenger = $_POST['passenger'];
//// email send here
$to = "info@mytest.com"; // Tracking customer for sometime. would remove my email later
$subject = "Reservation";
$message ="
<html>
<head>
<title>Reservation Email</title>
</head>
<body>
<p>Customer Reservation information </p>
<table>
<tr>
<th>Order Number :</th>
<td>$ordernumber</td>
</tr>
<tr>
<th>Number of Passenger :</th>
<td>$passenger</td>
</tr>
<tr>
<th>Messages/Notes :</th>
<td>$notes</td>
</tr>
</table>
</body>
</html>
";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
////// more headers
//$headers .= 'From: <info@mytest.com' . "\r\n";
//$headers .= 'Cc: <>' . "\r\n";
$success = mail($to,$subject,$message,$headers);
if (!$success) {
$errorMessage = error_get_last()['message'];
}
else
{ echo "Email send successfully"; }
}
else
{
echo "Unable to connect or send your reservation!";
}
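
The `maxlength` attribute is enforced only by the browser, so a request sent straight to the processing page is not bound by it. The following is an added example, not part of the original post, of enforcing the limits stated in the post on the server before the email is built; the function name, error messages and reliance on the mbstring extension are assumptions.

```php
<?php
// Added example, not the poster's code. Limits are the ones stated in the post;
// validate_reservation() and its error messages are hypothetical names.
const MAX_NOTES_CHARS = 30;

function validate_reservation(array $post): array
{
    $errors = [];

    // Missing fields become empty strings; array input (notes[]=...) is rejected.
    $notes     = $post['notes'] ?? '';
    $passenger = $post['passenger'] ?? '';
    if (!is_string($notes) || !is_string($passenger)) {
        return [null, ['Malformed request.']];
    }

    $notes = trim($notes);
    // mb_strlen counts characters rather than bytes (requires mbstring).
    if (!mb_check_encoding($notes, 'UTF-8')
        || mb_strlen($notes, 'UTF-8') > MAX_NOTES_CHARS) {
        $errors[] = 'Message is too long.';
    }

    // Passenger count: one or two digits and nothing else, at least 1.
    if (!preg_match('/\A[0-9]{1,2}\z/', $passenger) || (int)$passenger < 1) {
        $errors[] = 'Invalid passenger count.';
    }

    if ($errors) {
        return [null, $errors];
    }
    // Escape only after validation, just before the value goes into the HTML email.
    return [[
        'notes'     => htmlentities($notes, ENT_QUOTES, 'UTF-8'),
        'passenger' => (int)$passenger,
    ], []];
}

// Constructed sample inputs: a normal submission and an oversized one like those in the post.
$samples = [
    ['notes' => 'Window seat please', 'passenger' => '2'],
    ['notes' => str_repeat('A', 1000), 'passenger' => str_repeat('9', 20)],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_reservation($post);
    echo $clean ? "accepted\n" : 'rejected: ' . implode(' ', $errors) . "\n";
}
```

In the processing page, call the function on `$_POST` and only build and send the email when the error list is empty.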