954,597 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
6 Months Ago
0

Form submission, Email Security

I am adding a page to my site that allows doctors to send me referrals. Some of the data will be highly sensitive, so I need to be sure that it is handled as securely as possible. The data doesn't get stored in a database. It is simply emailed directly to me. The PHP script is below.

I use the str_replace function to filter out URLs. I'm not too concerned about that. I really, though, need to be sure that bad guys cannot intercept what's being sent. The lawsuit may be a little more than ugly. How does it look? Does anyone think I need to add or remove anything to keep the bad guys at bay? I plan on adding a Captcha before I publish the page. Thanks in advance.

if(isset($_POST['submit'])) {

		

			$domains = array('.com', '.org', '.net', '.gov', '.edu', '.mil', '.int');

			$replacement = array('/*com*', '/*org*', '/*net*', '/*gov*', '/*edu*', '/*mil*', '/*int*');



			$to = "email@place.com";

			$subject = "**** (Referral)";

			$physican_field = strip_tags($_POST['physician']);

			$name_field = strip_tags($_POST['patient']);

			$insurance_field = strip_tags($_POST['primary']);

			$insurancenumber_field = strip_tags($_POST['insurance#']);

			$phone_field = strip_tags($_POST['phone']);

			$address = strip_tags($_POST['address']);

			$address = str_replace($domains, $replacement, $address);

			

			$body = "Physician: $physican_field\n Patient: $name_field\n Phone: $phone_field\n Primary Insurance: $insurance_field\n Insurance/Medicare#: $insurancenumber_field\n File: $file_uploaded\n Address: $message\n";

			

			mail($to, $subject, $body);

			



		} else {



			die("We apologize, but your form was not submitted succesfully");



		}
pallen
Light Poster
26 posts since Sep 2010
Reputation Points: 10
Solved Threads: 0
 
6 Months Ago
Show Comments
1

If you want to make interception more difficult, use an SSL connection. Then it will at least be sent encrypted.

Or let those doctors e-mail it to you directly, without using the webpage.

pritaeas
Posting Expert
Moderator
5,484 posts since Jul 2006
Reputation Points: 653
Solved Threads: 875
 
6 Months Ago
0

I was thinking about an SSL, but I don't want to pay for it. And they could email it, but they invariably leave out important info that patients never want to give out over the phone. With the form, I make each field required, and then I know I have it. I guess an SSL maybe the safest bet, though.

Thanks for the reply

pallen
Light Poster
26 posts since Sep 2010
Reputation Points: 10
Solved Threads: 0
 
6 Months Ago
0

Imo, CAPTCHA will not serve your purpose much. SSL is the best way. Find it expensive? I guess if so, there's the alternative of making your own SSL (but then users viewing a warning may be a downside).

reganstar
Junior Poster in Training
69 posts since Apr 2009
Reputation Points: 10
Solved Threads: 10
 
6 Months Ago
0

Thanks for the reply. I guess a private SSL isn't too bad. I checked and it's less expensive than I thought. Why don't you think CAPTHCA will serve the purpose?

pallen
Light Poster
26 posts since Sep 2010
Reputation Points: 10
Solved Threads: 0
 
6 Months Ago
Show Comments
1

Capthcha is used to avoid spam generated by bots, it can not defeat or restrict a human.

urtrivedi
Nearly a Posting Virtuoso
1,306 posts since Dec 2008
Reputation Points: 257
Solved Threads: 270
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed