Hi all, I need to add a contact form to a site I'm working on. I'm just thinking whether it would be better to go with an online solution (grab a form from somewhere and use it on my site) or building my own thing (complete with captcha etc). I'm not really good at php although I did build a very basic php form a very long time ago. Do you guys think it is better to go for an already made one? One of the things I'm slightly concerned about if I get one from the net is privacy: would that be an issue as I don't know where the data collected go?
what do you guys think?

Recommended Answers

All 5 Replies

Member Avatar for diafol

Well, the form should be HTML. Only very basic PHP would be required if at all. The back-end is down to you. You can DIY or use an authentication script - BUT - if you go 3rd party script - you MUST inspect the code with a tooth-comb - it could be an enormous security risk, if not done right. There are thousands of auth scripts out there. I'd advise you to read up on auth security, e.g. OWASP first so that you're aware of how malicious users could get into your system.

What I'm thinking is that if I go for a DIY solution, how do I make sure that my code isn't in fact a security risk as opposed to one found on the web? I'm tempted to attemp my own, but I will obviously need help from the community as my php isn't so great

Member Avatar for diafol

Well ok, if you need help we're here. But my beef with using 3rd party scripts (I'm thinking small classes etc - not Framework-based ones), is that "devs" seem to trust these more than their own code, without understanding what they do and how they do it. A thrid party script written by a senior or seasoned developer may well be more secure that anything you could knock up yourself, but you should have the ability to check the code; e.g. I've seen some right horrible scripts - SQL Injections and XSS vulnerabilities all over the place.

Cool, thanks, I think I'll have a go at it and see if I can knock up something quick. Will open a new thread

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.