Hi all, I need to add a contact form to a site I'm working on. I'm just thinking whether it would be better to go with an online solution (grab a form from somewhere and use it on my site) or building my own thing (complete with captcha etc). I'm not really good at php although I did build a very basic php form a very long time ago. Do you guys think it is better to go for an already made one? One of the things I'm slightly concerned about if I get one from the net is privacy: would that be an issue as I don't know where the data collected go?
what do you guys think?
Violet_82
89
Posting Whiz in Training
Recommended Answers
Jump to PostWell, the form should be HTML. Only very basic PHP would be required if at all. The back-end is down to you. You can DIY or use an authentication script - BUT - if you go 3rd party script - you MUST inspect the code with a tooth-comb - it …
Jump to PostWell ok, if you need help we're here. But my beef with using 3rd party scripts (I'm thinking small classes etc - not Framework-based ones), is that "devs" seem to trust these more than their own code, without understanding what they do and how they do it. A thrid party …
All 5 Replies
diafol
Well, the form should be HTML. Only very basic PHP would be required if at all. The back-end is down to you. You can DIY or use an authentication script - BUT - if you go 3rd party script - you MUST inspect the code with a tooth-comb - it could be an enormous security risk, if not done right. There are thousands of auth scripts out there. I'd advise you to read up on auth security, e.g. OWASP first so that you're aware of how malicious users could get into your system.
Violet_82
89
Posting Whiz in Training
What I'm thinking is that if I go for a DIY solution, how do I make sure that my code isn't in fact a security risk as opposed to one found on the web? I'm tempted to attemp my own, but I will obviously need help from the community as my php isn't so great
diafol
Well ok, if you need help we're here. But my beef with using 3rd party scripts (I'm thinking small classes etc - not Framework-based ones), is that "devs" seem to trust these more than their own code, without understanding what they do and how they do it. A thrid party script written by a senior or seasoned developer may well be more secure that anything you could knock up yourself, but you should have the ability to check the code; e.g. I've seen some right horrible scripts - SQL Injections and XSS vulnerabilities all over the place.
Violet_82
89
Posting Whiz in Training
Cool, thanks, I think I'll have a go at it and see if I can knock up something quick. Will open a new thread
Violet_82
89
Posting Whiz in Training
Since it looks like nobody is really giving me a hand with it https://www.daniweb.com/programming/web-development/threads/501777/validating-and-submitting-form-field-php and I don't know much about php, I need to reconsider my decision and perhaps look at an off-the-shelf solution. Can anybody suggest a good php contact form handling script please?
thanks
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.