Looking for a secure contact form


I am looking for a secure contact form that I can implement in my website. I found some scripts with Google, but when I read the comments I saw warnings that these scripts weren’t secure (prone to injections etc.). Is there a good script out there that is known to be secure and thus safe to use?

Hi sophieschoice. There are lots of them, indeed. I have a long list bookmarked, but have a look at this one, which is very secure and also very accessible:

[edit]Actually, there’s a version 3 new:


Hi Ralph,

Thank you very much! This script sounds indeed very good, I am going to play with this one!

Do you perhaps know if this one is also a secure script? http://www.html-form-guide.com/contact-form/simple-php-contact-form.html

I just downloaded it and had a look at the code. It looks pretty secure to me, though I don’t have the most expert eye by a long shot. It checks for a valid email address, and protects your fields from malicious injections, so that’s pretty good. It doesn’t check so well that some silly characters are entered into some fields, though, which is a minus.

Just a thought, but why not add a field to your form that asks a question like 8-2+3= and validate it on your action page.
Bots can’t answer questions and probably wouldn’t know if a question even existed. I’ve used this concept for years and never had a problem (famous last words)

As I said - just a thought.

The first form I linked to actually has something like that. Personally, if I have something like that, I prefer to hide it in a “honeypot” field. An alternative is to have a time stamp on the form. There was a nice discussion about these options here:

Wufoo…secure as can be. Let someone else handle the forms and their security. (It is free enough for simple sites and contact forms!)

Hi, it’s been almost a year since you recommended Green-Beast. Are they still your favorite? I need to implement a super simple contact form where the user types in a name, phone and email and clicks Submit, and an email goes to a hard-coded email address. I don’t want bad guys to do anything malicious like send spam from the site.

Hi TanyaS, welcome to the forums.

Generally it’s a very poor idea to revive old threads as the participants are unlikely to see your post.

I think you quoted the wrong member, I think you meant @ralph_m; no?

It’s certainly a reputable option, so worth a look, for sure.