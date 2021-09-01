This is a sample, bare-bones form where people will go to leave a comment. It’s quite unadorned at the moment. Just wondering if it will be secure.
And, I don’t know if the regex is correct for what I want: “Comments can only contain letters, numbers, commas, periods, and white spaces.”
<?php
// if(isset($_POST['submit'])){
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$to = "my@email.com";
$subject= "Feedback";
$body = trim(htmlspecialchars($_POST['body']));
$body = validate($_POST['body']);
if (!preg_match('/^.*,*.\\.$\W\s', $body)) {
echo "Comments can only contain letters, numbers, commas, periods, and white spaces.";
}
$body = "Message: " . $body;
if(mail($to, $subject, $body)){
echo "Thank you - Your feedback was sent to me. I can't wait to read it!";
}else{
echo "Sorry, something went wrong with sending your comments.";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Feedback</title>
</head>
<body>
<div id="wrapper">
<form class="form" method="POST" enctype="text/plain">
<h1>Feedback Form</h1>
<p>For your security, please do not include your email or other private info. If you want to email us, please use the email on the website.</p>
<p><em>Comments can only contain letters, numbers, commas, periods, and white spaces.</em></p>
<textarea name="body"></textarea>
<button type="submit" name="submit">Submit</button>
</form>
</div>
<!--
https://blog.sqreen.com/top-10-security-best-practices-for-php/
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Cheatsheet
-->
</body>
</html>