I've got a PHP contact form that includes the email address where the form gets emailed to hardcoded as shown below.
Is that sufficiently safe to use or am I likely to get spammed from bots?
What's a reasonable solution? Would something like this be better?
    $toemail1 = "email";
    // PHP joins strings with ".", "+" is arithmetic
    $toemail = $toemail1 . "@address.com";
Original PHP code:

    // Fragment: the start of the script (opening tag and the enclosing block) is not shown.
    // Name can contain only alpha characters and spaces.
    // The D modifier makes $ match only at the very end; without it a trailing newline passes.
    if (!preg_match("/^[a-zA-Z ]+$/D", $name))
    {
        $error = true;
        $name_error = "Please enter valid name";
    }
    if (!filter_var($fromemail, FILTER_VALIDATE_EMAIL))
    {
        $error = true;
        $fromemail_error = "Please enter valid email address";
    }
    if (empty($message))
    {
        $error = true;
        $message_error = "Please enter your message";
    }
    if (!$error)
    {
        // Send mail
        $toemail = "email@address.com";
        $subject = "Enquiry from Visitor " . $name;
        $body = "Here goes your Message Details:\n"
              . "Name: $name\n"
              . "From: $fromemail\n"
              . "Message:\n"
              . "$message";
        // Mail headers are separated by CRLF
        $headers = "From: $fromemail\r\n";
        $headers .= "Reply-To: $fromemail";
        if (mail($toemail, $subject, $body, $headers))
        {
            $alertmsg = '<div class="alert alert-success text-center">Message sent successfully. We will get back to you shortly!</div>';
        }
        else
        {
            $alertmsg = '<div class="alert alert-danger text-center">There is error in sending mail. Please try again later.</div>';
        }
    }
    } // closes the enclosing block that is not shown in this fragment
    ?>
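An added example, not part of the original post or the poster's code: a hardened variant of the handler above, run over constructed sample submissions. The recipient stays in a server-side constant (PHP source is executed on the server and only its output reaches the browser), the visitor's address is used only in Reply-To after an explicit CR/LF check, and a honeypot field drops naive bots. The names `CONTACT_TO`, `SITE_FROM`, `build_contact_mail()` and the `website` field are assumptions.

```php
<?php
// Added example, not the poster's code. CONTACT_TO, SITE_FROM, the "website"
// honeypot field and build_contact_mail() are assumptions for illustration.
const CONTACT_TO = 'email@address.com';   // lives only in server-side source
const SITE_FROM  = 'noreply@address.com'; // constructed: mailbox on the site's domain

// Returns [to, subject, body, headers] for mail(), or null to drop the submission.
function build_contact_mail(array $post): ?array
{
    // Honeypot: an input hidden from people with CSS; bots that fill every field trip it.
    if (($post['website'] ?? '') !== '') {
        return null;
    }
    $name    = (string)($post['name'] ?? '');
    $from    = (string)($post['fromemail'] ?? '');
    $message = trim((string)($post['message'] ?? ''));

    // \A and \z anchor at the true ends; a bare $ also matches before a final "\n".
    if (!preg_match('/\A[a-zA-Z ]+\z/', $name)) {
        return null;
    }
    // Explicit CR/LF check so the value can never start a new header line.
    if (preg_match('/[\r\n]/', $from) || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if ($message === '') {
        return null;
    }
    $subject = 'Enquiry from Visitor ' . $name;
    $body    = "Name: $name\nFrom: $from\nMessage:\n$message";
    // From is the site's own address; the visitor's address appears only in Reply-To.
    $headers = 'From: ' . SITE_FROM . "\r\n" . 'Reply-To: ' . $from;
    return [CONTACT_TO, $subject, $body, $headers];
}

// Constructed sample submissions: valid, CR/LF in the address, honeypot filled.
$samples = [
    ['name' => 'Ann Lee', 'fromemail' => 'ann@example.org', 'message' => 'Hello'],
    ['name' => 'Ann Lee', 'fromemail' => "ann@example.org\r\nX-Injected: 1", 'message' => 'Hi'],
    ['name' => 'Bot', 'fromemail' => 'bot@example.org', 'message' => 'spam', 'website' => 'x'],
];
foreach ($samples as $s) {
    $mail = build_contact_mail($s);
    // In the real handler: if ($mail !== null) { mail(...$mail); }
    echo $mail === null ? "rejected\n" : "accepted, headers:\n{$mail[3]}\n";
}
```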