What are the consequences of not validating a simple email form on the server?
Keep in mind that:
- there is no database in question, this is a simple email form
The PHP code I would like to use is this:
```php
<?php
// Read every POST field through FILTER_SANITIZE_SPECIAL_CHARS. This HTML-encodes
// quotes, angle brackets, ampersands and control characters below ASCII 32;
// it does not validate anything.
$post_data     = filter_input_array(INPUT_POST, FILTER_SANITIZE_SPECIAL_CHARS);
$full_name     = $post_data["full_name"];
$email_address = $post_data["email_address"];
$gender        = $post_data["gender"];
$message       = $post_data["message"];

// Build the plain-text body from the submitted fields.
$formcontent = "Full Name: $full_name \nEmail Address: $email_address \nGender: $gender \nMessage: $message \n";
$formcontent = wordwrap($formcontent, 70, "\n", true);

$recipient  = "email@example.com";
$subject    = "Contact Form";
// The visitor-supplied address is placed in the From: header as-is
// (apart from the encoding above).
$mailheader = "From: $email_address \r\n";

mail($recipient, $subject, $formcontent, $mailheader);
echo 'Thank You! - <a href="#"> Return Home</a>';
?>
```
Would a simple captcha solve the issue of security?
A few questions I would really like answered: If I am not worried about invalid data being sent, what is the absolute minimum I can do to improve security? Basically, avoid disasters.
I should probably mention that this code is being generated in a form generator and I would like to avoid my users getting attacked. Spamming might be sorted by adding Captcha.
UPDATE: What is the worst case scenario?
UPDATE: Really appreciate all the answers!
A couple of things I plan to do:
- add this, as Alex mentioned: `filter_var($post_data['email_address'], FILTER_VALIDATE_EMAIL);`
- add a simple captcha
If I did add simple server-side validation, what should I validate for? Can't the user still send invalid data even if I am validating it?
Also, will the above stop spam?
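A hardened version of the same handler, as an added example that is not part of the question or its answers. It assumes the question's field names and recipient, and that the gender select offers exactly the values 'male', 'female' and 'other' (the question does not show the form's options).

```php
<?php
// Added example, not the question's code: a hardened handler for the same form.
// Assumed: the field names from the question, and that the gender <select>
// offers exactly the values 'male', 'female' and 'other'.
declare(strict_types=1);
// Returns a list of error messages; an empty list means the input is acceptable.
function validate_contact_form(array $post): array
{
    $errors  = [];
    $name    = (string)($post['full_name'] ?? '');
    $email   = (string)($post['email_address'] ?? '');
    $gender  = (string)($post['gender'] ?? '');
    $message = (string)($post['message'] ?? '');

    if (trim($name) === '' || strlen($name) > 100) {
        $errors[] = 'Full name is required (at most 100 bytes).';
    }
    // FILTER_VALIDATE_EMAIL accepts only a single bare address, so a value
    // that passes cannot carry CR/LF and extra Cc:/Bcc: headers into mail().
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required.';
    }
    // Allow-list: only the values the form actually offers.
    if (!in_array($gender, ['male', 'female', 'other'], true)) {
        $errors[] = 'Gender must be one of the offered options.';
    }
    if (trim($message) === '' || strlen($message) > 5000) {
        $errors[] = 'Message is required (at most 5000 bytes).';
    }
    // Defence in depth: reject header-breaking characters in the one field
    // that reaches a mail header, independent of the email filter above.
    if (preg_match('/[\r\n]/', $email)) {
        $errors[] = 'Line breaks are not allowed in the email field.';
    }
    return $errors;
}

$errors = validate_contact_form($_POST);
if ($errors !== []) {
    http_response_code(400);
    foreach ($errors as $e) { echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>\n"; }
    exit;
}
// Fixed From: under our own domain (keeps SPF/DKIM valid); the validated
// visitor address goes only into Reply-To. The body is plain text.
$body = "Full Name: {$_POST['full_name']}\nEmail Address: {$_POST['email_address']}\n"
      . "Gender: {$_POST['gender']}\nMessage: {$_POST['message']}\n";
$headers = "From: noreply@example.com\r\nReply-To: {$_POST['email_address']}\r\n";
mail('email@example.com', 'Contact Form', wordwrap($body, 70, "\n", true), $headers);
echo 'Thank You! - <a href="#">Return Home</a>';
```

Validation here is about what the server will accept, not about what the user can type: anything failing these checks is refused with a 400 and never reaches mail(), which is the point of doing it server-side.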