PHP form security

http://www.pauserefreshment.co.uk/coffee-machine-brochure-request.html

Hi from pleasantly mild, no wind or rain Wakefield, UK…

I’m after advice please regarding PHP form security. At the top of this post is a PHP form I struggled to get together, but I suspect, following a viral infection into the site where an iframe got inserted into every page of the site, my DIY PHP form skills may have left the site vulnerable to attack.

Here is the suspect line of code (as a graphic to prevent cross infection):

So if anyone could suggest an idea to prevent php form vulnerability I’d be v happy :slight_smile:

Also, I’m thinking it might be the server/ hosting account that’s been compromised as it’s adding the iframe to every page on your site.

You need to sanitize the data from your form elements before doing anything with it.
A quick and easy way to do it is as follows:

$yourField = htmlentities(trim($_POST["doThisForEachField"]), ENT_NOQUOTES);

What this does is make sure that it ends up in plain text and it removes all HTML elements.
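Added example, not part of the original thread: per-field handling for a request form like this one, validating input on the way in and encoding it only when it is written into HTML. The field names, the length limits and the assumption that the form e-mails the request are illustrative, not taken from the site's code.

```php
<?php
// Added example. Field names "name", "email", "message" are assumptions.

// True if the value contains CR or LF, which must never reach a mail header.
function has_line_breaks(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Validate a raw POST array; returns [trimmed values, names of rejected fields].
function validate_request(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['name', 'email', 'message'] as $field) {
        $raw = $post[$field] ?? '';
        // Arrays sent as field[]=... are treated as empty rather than trusted.
        $clean[$field] = is_string($raw) ? trim($raw) : '';
    }
    if ($clean['name'] === '' || strlen($clean['name']) > 100 || has_line_breaks($clean['name'])) {
        $errors[] = 'name';
    }
    if (has_line_breaks($clean['email']) || filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if ($clean['message'] === '' || strlen($clean['message']) > 5000) {
        $errors[] = 'message';
    }
    return [$clean, $errors];
}

// Encode at the point of output into HTML, quotes included.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$samplePost = [
    'name'    => '  Jane <b>Doe</b> ',
    'email'   => "jane@example.com\r\nBcc: someone@example.net",
    'message' => 'Please send the brochure.',
];

[$clean, $errors] = validate_request($samplePost);
echo 'Rejected fields: ' . implode(', ', $errors) . PHP_EOL;
echo 'Name as HTML: ' . e($clean['name']) . PHP_EOL;
```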

Thank you for all your replies. I have taken out the iframe. I hope no one still sees any virus code in the site because I can't. Bit concerned some SitePoint members may be seeing something I can't.

Please let me know if you detect any viral code in www.pauserefreshment.co.uk

I’ve run it through Google Webmaster Tools and I was sure I’d knocked out all the iframes…

Most probably it is not the form; even the static HTML pages are affected.

Since it seems to be a static HTML website, it is either the hosting account or your FTP login that is compromised. There are certain trojans that steal your FTP login info from your local machine. Clean up your local machines (that access the web server/upload to the web server) as well.

If you are using a CMS to manage the site, the vulnerability could be with the CMS.