I'm building a contact form
(PHP file, design has been already made) which will communicate with the PHP via AJAX
. I need to secure the contact form to deny any spam, for the client side, I'll be using ReCaptcha
for the validation on client side ... But, how can I secure the script from being tampered with or sending arbitrary codes?
I mean, if the spammer/hacker uses the form and submits a PHP code that could affect the server, how can I prevent this from happening?