I am adding a page to my site that allows doctors to send me referrals. Some of the data will be highly sensitive, so I need to be sure that it is handled as securely as possible. The data doesn't get stored in a database. It is simply emailed directly to me. The PHP script is below.
I use the str_replace function to filter out URLs. I'm not too concerned about that. I really, though, need to be sure that bad guys cannot intercept what's being sent. The lawsuit may be a little more than ugly. How does it look? Does anyone think I need to add or remove anything to keep the bad guys at bay? I plan on adding a Captcha before I publish the page. Thanks in advance.
I was thinking about an SSL, but I don't want to pay for it. And they could email it, but they invariably leave out important info that patients never want to give out over the phone. With the form, I make each field required, and then I know I have it. I guess an SSL may be the safest bet, though.
IMO, CAPTCHA will not serve your purpose much. SSL is the best way. Find it expensive? I guess if so, there's the alternative of making your own SSL (but then users viewing a warning may be a downside).