
Form submission, Email Security

I am adding a page to my site that allows doctors to send me referrals. Some of the data will be highly sensitive, so I need to be sure that it is handled as securely as possible. The data doesn't get stored in a database. It is simply emailed directly to me. The PHP script is below.

I use the str_replace function to filter out URLs. I'm not too concerned about that. I really, though, need to be sure that bad guys cannot intercept what's being sent. The lawsuit may be a little more than ugly. How does it look? Does anyone think I need to add or remove anything to keep the bad guys at bay? I plan on adding a Captcha before I publish the page. Thanks in advance.

<?php
if (isset($_POST['submit'])) {

    // Mangle common top-level domains so URLs typed into the address field are defanged
    $domains     = array('.com', '.org', '.net', '.gov', '.edu', '.mil', '.int');
    $replacement = array('/*com*', '/*org*', '/*net*', '/*gov*', '/*edu*', '/*mil*', '/*int*');

    $to      = "email@place.com";
    $subject = "**** (Referral)";

    // Strip HTML tags from every submitted field before it goes into the mail body
    $physician_field       = strip_tags($_POST['physician']);
    $name_field            = strip_tags($_POST['patient']);
    $insurance_field       = strip_tags($_POST['primary']);
    $insurancenumber_field = strip_tags($_POST['insurance#']);
    $phone_field           = strip_tags($_POST['phone']);
    $address               = strip_tags($_POST['address']);
    $address               = str_replace($domains, $replacement, $address);

    // The posted script uses $file_uploaded without defining it; the upload handling is not shown,
    // so it is initialised here to avoid an undefined-variable notice
    $file_uploaded = isset($file_uploaded) ? $file_uploaded : '';

    $body = "Physician: $physician_field\n Patient: $name_field\n Phone: $phone_field\n Primary Insurance: $insurance_field\n Insurance/Medicare#: $insurancenumber_field\n File: $file_uploaded\n Address: $address\n";

    mail($to, $subject, $body);

} else {

    die("We apologize, but your form was not submitted successfully");

}
pallen
Light Poster
27 posts since Sep 2010

If you want to make interception more difficult, use an SSL connection. Then it will at least be sent encrypted.

Or let those doctors e-mail it to you directly, without using the webpage.

pritaeas
Posting Prodigy
Moderator
9,280 posts since Jul 2006
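The posted handler reworked along the lines of the SSL advice above, as an added example that is not the poster's script or anything from the thread. The field names are the ones from the post; the 500-character limit, the From address and the response messages are assumptions.

```php
<?php
// Added example: the posted handler, hardened along the lines of the thread.
// Field names are from the post; recipient/From address are placeholders.
// 1. Accept the form only over TLS (the "SSL" suggested above). This protects
//    the browser-to-server hop only; mail() still hands the message to the
//    local mail server in clear text.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    die('This form must be submitted over HTTPS.');
}
if (!isset($_POST['submit'])) {
    die('We apologize, but your form was not submitted successfully');
}

// 2. Every field is required and length-capped (500 chars is an assumption),
//    and CR/LF are stripped so a value can never break the mail body layout.
$fields = ['physician', 'patient', 'primary', 'insurance#', 'phone', 'address'];
$clean  = [];
foreach ($fields as $f) {
    $v = isset($_POST[$f]) ? trim(strip_tags((string) $_POST[$f])) : '';
    $v = str_replace(["\r", "\n"], ' ', $v);
    if ($v === '' || strlen($v) > 500) {
        http_response_code(400);
        die('Missing or invalid field: ' . htmlspecialchars($f));
    }
    $clean[$f] = $v;
}

// 3. The poster's own URL-defanging step, kept for the address field.
$domains     = ['.com', '.org', '.net', '.gov', '.edu', '.mil', '.int'];
$replacement = ['/*com*', '/*org*', '/*net*', '/*gov*', '/*edu*', '/*mil*', '/*int*'];
$clean['address'] = str_replace($domains, $replacement, $clean['address']);

$to      = 'email@place.com';   // placeholder recipient from the post
$subject = '**** (Referral)';
$body    = "Physician: {$clean['physician']}\n"
         . "Patient: {$clean['patient']}\n"
         . "Phone: {$clean['phone']}\n"
         . "Primary Insurance: {$clean['primary']}\n"
         . "Insurance/Medicare#: {$clean['insurance#']}\n"
         . "Address: {$clean['address']}\n";

// 4. Fixed headers only: nothing user-supplied reaches the header block.
$headers = "From: referrals@example.com\r\nContent-Type: text/plain; charset=UTF-8";
if (!mail($to, $subject, $body, $headers)) {
    http_response_code(500);
    die('We apologize, but your form was not submitted successfully');
}
echo 'Thank you, your referral has been sent.';
```

HTTPS covers only the browser-to-server hop; the message mail() produces travels to the receiving mailbox however that mail server is configured, so that leg needs checking separately.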

I was thinking about an SSL, but I don't want to pay for it. And they could email it, but they invariably leave out important info that patients never want to give out over the phone. With the form, I make each field required, and then I know I have it. I guess an SSL may be the safest bet, though.

Thanks for the reply

pallen
Light Poster
27 posts since Sep 2010

Imo, CAPTCHA will not serve your purpose much. SSL is the best way. Find it expensive? I guess if so, there's the alternative of making your own SSL (but then users viewing a warning may be a downside).

reganstar
Junior Poster in Training
72 posts since Apr 2009

Thanks for the reply. I guess a private SSL isn't too bad. I checked and it's less expensive than I thought. Why don't you think CAPTCHA will serve the purpose?

pallen
Light Poster
27 posts since Sep 2010

CAPTCHA is used to avoid spam generated by bots; it cannot defeat or restrict a human.

urtrivedi
Posting Virtuoso
1,714 posts since Dec 2008

© 2013 DaniWeb® LLC