-1

how do I sterilize the coding for a very basic php order form connected to an html page? At the moment, the coding works, but I'm concerned that, as is, the coding enables potential spammers to have a field day with my site and email address. I'm not really sure exactly what sterilizing my code means/would entail, so any help would be greatly appreciated.

Lily Evans
  • 27
  • 1
  • 1
  • 5
  • i assume you hard codded the email address so they can only send spam to one person? –  Mar 25 '12 at 01:54

2 Answers2

1

You need to add a captcha to your form.

haltabush
  • 4,508
  • 2
  • 24
  • 41
0

You might have seen the word sanitize which is means that you need to beware the user. Always assume the users are evil super-hackers out to get you.

Anything can be submitted to your server, so you can't trust that anything you did to the webpage or expected from it will remain. Sanitizing input means escaping any potential html or SQL or checking for anything else before working with it.

Relevant: http://php.net/manual/en/function.mysql-real-escape-string.php

How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
mowwwalker
  • 16,634
  • 25
  • 104
  • 157