I created one form for my site. I want that form to be more secure. Can you please help me with its security? Link to my form: http://www.manaclassifieds.co.cc I see some hackers are automatically posting through it. I didn't take any security measures.
Escape your form inputs using mysql_real_escape_string. Also, you may sanitize the inputs of special characters like HTML tags.
Yeah, if this is entering into a MySQL database, use mysql_real_escape_string on all POST data. Before you output any data to the screen, use htmlspecialchars so that you aren't open to XSS attacks. A captcha would be very nice too; maybe try reCAPTCHA. It's very simple to integrate into your site and should help protect against most bots. Lastly, a dirty old trick that I don't know if it still works: add a hidden form field and make sure, once data is posted, that it is empty. Bots don't see forms the way we do; they just see the HTML and will fill out the field. You can also try setting a hidden form field to 1 and making sure that value remains set to 1.
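The advice in the answer above (escaping input, htmlspecialchars on output, a honeypot field) as an added PHP example that is not from the original thread; it assumes a mysqli connection, a table `posts` with columns name, email and message, and a hidden form field named "website" that real users never fill in. Prepared statements are used here in place of mysql_real_escape_string, which no longer exists in PHP 7 and later.

```php
<?php
// Added example, not from the original thread: a handler for the contact
// form that applies the advice above. Assumes a mysqli connection, a table
// `posts` (name, email, message) and a hidden honeypot field "website".

// Honeypot check: bots tend to fill every field they find in the HTML.
function honeypot_tripped(array $post, string $field = 'website'): bool
{
    return isset($post[$field]) && trim((string) $post[$field]) !== '';
}

// Escape for HTML output so stored text cannot inject markup when echoed (XSS).
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function handle_form(mysqli $db, array $post): string
{
    if (honeypot_tripped($post)) {
        // Accept silently so the bot learns nothing; log it for monitoring.
        error_log('honeypot tripped from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        return 'Thanks!';
    }

    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $message = trim((string) ($post['message'] ?? ''));

    if ($name === '' || $message === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Please fill in all fields with a valid e-mail address.';
    }

    // Prepared statement: the modern replacement for mysql_real_escape_string
    // (removed in PHP 7); input is bound as data, never concatenated into SQL.
    $stmt = $db->prepare('INSERT INTO posts (name, email, message) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $name, $email, $message);
    $stmt->execute();
    $stmt->close();

    return 'Thanks, ' . html_out($name) . '!';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $db = new mysqli('localhost', 'db_user', 'db_pass', 'site'); // placeholder credentials
    echo handle_form($db, $_POST);
}
```

In the form's HTML, hide the honeypot input with CSS (for example, positioned off-screen) rather than type="hidden", since many bots skip hidden inputs but fill visible-looking text fields. Keep a captcha such as reCAPTCHA in front of it as well; the honeypot only catches the simplest bots.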
It's good to use non-conventional names for your inputs (don't use mail, email, e-mail, or address for your e-mail field).
Here's a Contact Form Generator with captcha security and form validation (medium security): Contact Form Generator
Doesn't he need to validate and sanitize and all that? I'm new to PHP but was very recently reading about that regarding forms and email, etc. Or would he already have that in place?