I am looking for a secure contact form that I can implement in my website. I found some scripts with Google, but when I read the comments I saw warnings that these scripts weren’t secure (prone to injections etc.). Is there a good script out there that is known to be secure and thus safe to use?
Hi sophieschoice. There are lots of them, indeed. I have a long list bookmarked, but have a look at this one, which is very secure and also very accessible:
I just downloaded it and had a look at the code. It looks pretty secure to me, though I don’t have the most expert eye by a long shot. It checks for a valid email address, and protects your fields from malicious injections, so that’s pretty good. It doesn’t check so well that some silly characters are entered into some fields, though, which is a minus.
Just a thought, but why not add a field to your form that asks a question like 8-2+3= and validate it on your action page?
Bots can’t answer questions and probably wouldn’t know if a question even existed. I’ve used this concept for years and never had a problem (famous last words).
The first form I linked to actually has something like that. Personally, if I have something like that, I prefer to hide it in a “honeypot” field. An alternative is to have a time stamp on the form. There was a nice discussion about these options here:
Hi, it’s been almost a year since you recommended Green-Beast. Are they still your favorite? I need to implement a super simple contact form where the user types in a name, phone and email and clicks Submit, and an email goes to a hard-coded email address. I don’t want bad guys to do anything malicious like send spam from the site.
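An added example, not part of the thread and not code from any script mentioned in it: a server-side check for the name/phone/email form described above, combining the honeypot field, the time stamp, and rejection of CR/LF header injection. The thread names no language, so Python is used; the field names, secret key, addresses, and time thresholds are all assumptions.

```python
import hashlib, hmac, re, time
from email.message import EmailMessage

SECRET = b"replace-with-random-server-side-key"  # assumption: never sent to the browser
RECIPIENT = "owner@example.com"                  # hard-coded, never read from the form
SENDER = "noreply@example.com"                   # fixed From address (assumption)
MIN_SECONDS, MAX_SECONDS = 3, 3600               # assumed limits for the time stamp check
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"[0-9+() .-]{7,20}")

def _mac(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Hidden-field value: form render time plus an HMAC so it cannot be forged."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + _mac(ts)

def check_submission(form, now=None):
    """Return (EmailMessage, None) when accepted, otherwise (None, reason)."""
    now = time.time() if now is None else now
    if form.get("website", ""):          # honeypot: hidden via CSS, humans leave it empty
        return None, "honeypot filled"
    ts, _, mac = form.get("token", "").partition(":")
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return None, "bad token"
    if not MIN_SECONDS <= now - int(ts) <= MAX_SECONDS:
        return None, "submitted too fast or token expired"
    name, phone, email = (form.get(k, "").strip() for k in ("name", "phone", "email"))
    if any(c in v for v in (name, phone, email) for c in "\r\n"):
        return None, "header injection attempt"   # CR/LF could add Bcc:/Cc: headers
    if not 0 < len(name) <= 100 or not PHONE_RE.fullmatch(phone) \
            or not EMAIL_RE.fullmatch(email):
        return None, "invalid field"
    msg = EmailMessage()
    msg["To"], msg["From"], msg["Subject"] = RECIPIENT, SENDER, "Contact form"
    msg["Reply-To"] = email              # the only user value placed in a header
    msg.set_content(f"Name: {name}\nPhone: {phone}\nEmail: {email}\n")
    return msg, None
```

The returned message can be handed to `smtplib.SMTP.send_message`; because the recipient and sender are constants, a submitter cannot redirect mail to third parties.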