Hi, im just checking, when making a contact form on my site, what security measures are best to place ? This is a basic process form code - <?PHP $to="admin@site.com"; $subject="Subject here"; $message="This is the message"; $headers= "From: site@site.com\r\n"; $headers .= "Reply-To: site@site.com\r\n"; if(mail($to, $subject, $message, $headers)) { echo("Email sent"); } else { echo("BAd luck"); } ?> PHP: To stop spammers what is best practice.
What sort of security are you looking for? If you don't want bots spamming you, I would recommend using a simple captcha system. You can create this on your own pretty easily by asking a question and requiring a specific answer or you could use a free captcha class that's out there. You don't really have to worry about any sort of injection as this isn't doing anything with a database, so spammers are about the only nuisance.
Read This http://forums.digitalpoint.com/showpost.php?p=9375837&postcount=2 about sql injections i agree with fireflyproject using free captcha class can help to stop spaming
You can add a captcha or some random IQ questions (like: 3 multiplied by 4 is=?) I think captcha is the best way to protect web forms from spammers.
I don't recommend captcha they irritate users instead use something like http://forums.digitalpoint.com/showthread.php?t=1034005 pretty strong spam prevention yet no user action is needed eg (read stupid text form stupid image)