Looking for a secure contact form

sophieschoice · September 30, 2012, 11:07am

Hi,

I am looking for a secure contact form that I can implement in my website. I found some scripts with Google, but when I read the comments I saw warnings that these scripts weren’t secure (prone to injections etc.). Is there a good script out there that is known to be secure and thus safe to use?

ralphm · September 30, 2012, 1:50pm

Hi sophieschoice. There are lots of them, indeed. I have a long list bookmarked, but have a look at this one, which is very secure and also very accessible:

[edit]Actually, there’s a version 3 new:

http://green-beast.com/gbcf-v3/[/edit]

sophieschoice · September 30, 2012, 2:10pm

Hi Ralph,

Thank you very much! This script sounds indeed very good, I am going to play with this one!

Do you perhaps know if this one is also a secure script? http://www.html-form-guide.com/contact-form/simple-php-contact-form.html

ralphm · September 30, 2012, 2:26pm

I just downloaded it and had a look at the code. It looks pretty secure to me, though I don’t have the most expert eye by a long shot. It checks for a valid email address, and protects your fields from malicious injections, so that’s pretty good. It doesn’t check so well that some silly characters are entered into some fields, though, which is a minus.

2ndmouse · September 30, 2012, 3:30pm

Just a thought, but why not add a field to your form that asks a question like 8-2+3= and validate it on your action page.
Bots can’t answer questions and probably wouldn’t know if a question even existed. I’ve used this concept for years and never had a problem (famous last words)

As I said - just a thought.

ralphm · September 30, 2012, 4:35pm

The first form I linked to actually has something like that. Personally, if I have something like that, I prefer to hide it in a “honeypot” field. An alternative is to have a time stamp on the form. There was a nice discussion about these options here:

logic_earth · October 4, 2012, 6:12am

Wufoo…secure as can be. Let someone else handle the forms and their security. (It is free enough for simple sites and contact forms!)

TanyaS · August 21, 2013, 6:39am

Hi, it’s been almost a year since you recommended Green-Beast. Are they still your favorite? I need to implement a super simple contact form where the user types in a name, phone and email and clicks Submit, and an email goes to a hard-coded email address. I don’t want bad guys to do anything malicious like send spam from the site.

Mittineague · August 23, 2013, 12:16am

Hi TanyaS, welcome to the forums.

Generally it’s a very poor idea to revive old threads as the participants are unlikely to see your post.

I think you quoted the wrong member, I think you meant @ralph_m; no?

ralphm · August 23, 2013, 12:50am

It’s certainly a reputable option, so worth a look, for sure.