douwaif22244 2012-08-09 11:38

Mail form with PHP

I have made this form and I want to ask whether it is safe enough. I tried many times to make a captcha thingie, but it won't work for me. I am still a student, so please don't send things that are too hard.

Question 1: Is mysql_real_escape_string safe enough?

Question 2: I need a really simple (numeric) captcha; can someone send me an example (or another Stack post)?

This is going to be used on an informative site just as a mail form. On that site there are no databases/logins and so on.

<?php 


    include '../connect.php'; #db connection for mysql_real_escape_string
        $errors = array();
        // check whether submit was pressed and whether all required data was filled in
        if(isset($_POST['submit'])){
            if(!empty($_POST['naam']) && !empty($_POST['email']) && !empty($_POST['bericht'])){


                 $naam           = mysql_real_escape_string($_POST['naam']);
                 $email          = mysql_real_escape_string($_POST['email']);
                 $bericht        = mysql_real_escape_string($_POST['bericht']);
                 $telefoon       = mysql_real_escape_string($_POST['telefoon']);


                $regex = "/^[A-Za-z .'-]+$/";
                if(!preg_match($regex,$naam)) {
                    array_push($errors , 'De naam is niet geldig');
                }

                if(strlen($bericht) < 5) {
                    array_push($errors , 'Het bericht is te kort');
                }                   

                $email_regex = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
                if(!preg_match($email_regex,$email)) {
                    array_push($errors , 'Uw email is niet geldig.');
                }

                // Here comes the mail part.

            }else{
                array_push($errors , 'Een van de verplichte velden is niet ingevuld. Alle velden met * zijn verplicht.');
            }


        }
    ?>

    <form method="post">
        <p>
            <label>naam*</label>
            <input type="text" name="naam"/>
        </p>
        <p>
            <label>email*</label>
            <input type="text" name="email"/>
        </p>
        <p>
            <label>telefoon</label>
            <input type="text" name="telefoon"/>
        </p>
        <p>
            <label>Bericht*</label>
            <textarea  name="bericht" style="width:459px; height:187px;" ></textarea>
        </p>
        <p>
            <label> </label>
            <input type="submit" value="verstuur" name="submit"/>
        </p>
    </form>

    <?php 
        if (count($errors) > 0){
            foreach($errors as $error){
                echo '<p class="error">'.$error.'</p>';
            }
        }
    ?>
1 answer

  • dousuo2812 2012-08-09 11:43

    Is mysql_real_escape_string safe enough?

    It is a poor solution for protecting a MySQL database.

    It is completely inappropriate for sending email.

    Whatever you do to protect bad data from corrupting your email, it should be done just before the data is inserted into that email — not before you run sanity checks over it.

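What the answer describes, as an added example that is not part of the original question or answer: the sanity checks run on the raw input, and the only protection applied is the one the mail destination needs (no line breaks in header values), at the point where the message is assembled. The function names, the addresses and the sample input are assumptions made for illustration.

```php
<?php
// Added example; function names, addresses and sample input are assumptions.
// Sanity checks run on the raw input, before any escaping or encoding.
function validate_contact(array $in): array
{
    $errors = array();
    // D modifier: without it, $ also matches before a trailing newline.
    if (!preg_match("/^[A-Za-z .'-]+$/D", $in['naam'])) {
        $errors[] = 'De naam is niet geldig';
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Uw email is niet geldig.';
    }
    if (strlen($in['bericht']) < 5) {
        $errors[] = 'Het bericht is te kort';
    }
    return $errors;
}

// A mail header value must never contain CR or LF.
function header_safe(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $value;
}

// Protection is applied here, at the point where data enters the email.
function build_mail(array $in): array
{
    $headers = array(
        'From: website@example.com',               // fixed placeholder address
        'Reply-To: ' . header_safe($in['email']),  // user data in a header
        'Content-Type: text/plain; charset=UTF-8',
    );
    $body = "Naam: {$in['naam']}\nTelefoon: {$in['telefoon']}\n\n"
          . wordwrap($in['bericht'], 70, "\n");
    return array('headers' => implode("\r\n", $headers), 'body' => $body);
}
// Constructed sample input: the email field contains a line break.
$post = array('naam' => 'Jan', 'telefoon' => '', 'bericht' => 'Hallo daar',
              'email' => "jan@example.com\r\nX-Test: 1");
$errors = validate_contact($post);
if (!$errors) {
    $m = build_mail($post);
    // mail('owner@example.com', 'Contactformulier', $m['body'], $m['headers']);
}
print_r($errors);
```

The name, phone number and message go only into the plain-text body, so they need no header check; `mysql_real_escape_string` is not used anywhere because nothing here is a SQL query.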
