PHP Server Side Scripting Forum
Request for testing and feedback
Find holes in my php form parser
CDNQuilter
msg:3212847
 2:23 am on Jan 9, 2007 (gmt 0)

Hi all -
I have been busy learning php these past few months and now would like some help and/or feedback.

I know everyone and their dog has a form script but as a learning project, I created a parser that has made it really simple to implement forms. (My next step is to turn it into a class.)

It takes input that looks like this:

// Masks
$mask['text'] = " name ¦ type ¦ desc ¦ label ¦ regex ";
$mask['textarea'] = " name ¦ type ¦ desc ¦ rows ¦ cols ";
$mask['radio'] = " name ¦ type ¦ desc ¦ label ¦ reqd ";

// Specs

$item[1] = " client name ¦ text ¦ Name ¦ Your name ¦ fullname ";
$item[2] = " message ¦ textarea ¦ Message ¦ 20 ¦ 30 ";
$item[3] = " time¦radio¦Preferred time¦Please state preferred time, if any ¦false";
$choicelist[3] = " morning¦afternoon¦evening ";

where:

name becomes the variable name in the $_POST array (spaces are closed up so 'client name' becomes 'clientname')
type is one of text, textarea, select, checkbox, radio
desc is used to describe the data in the email message
label is displayed next to the form input - like brief instructions
. . . and so on

and uses it to create the html to display the form, validate the input, display error messages in the form and display a copy of the sent message when done.

I have implemented these forms on a couple of sites but I am somewhat isolated and I would like someone to try to 'break' them so I can know how robust (or not) they are.

Is this forum an appropriate place to ask for this kind of feedback? If you are willing to take a look at them, please reply so I can give you the link to my site. If you want a copy of the code to use yourself, I will give it away but not until it has been 'stress tested'.

Any/all feedback much appreciated.

regards
jean

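As an added illustration of the mask/spec format described in the post (this is not CDNQuilter's code, whose function names are unknown; the function names, the `$regexes` rule table and the sample `$post` array below are my own assumptions), here is a minimal parser that combines each spec line with the mask for its type, closes up spaces in the field name, and validates a submitted value against the resulting field definition. It also does two things a practitioner would want to confirm the real script does: it restricts field names to identifier characters, since they become `$_POST` keys and HTML attributes, and it rejects a radio value that is not in the choice list, since a hostile client can send any value regardless of what the form offers.

```php
<?php
// Added example, not the poster's script. Function names, the $regexes
// table and the $post sample are assumptions made for illustration.
declare(strict_types=1);

const FIELD_SEP = '¦'; // U+00A6, the separator used in the post (file is UTF-8)

/** Split a "a ¦ b ¦ c" string into trimmed parts. */
function splitSpec(string $spec): array
{
    return array_map('trim', explode(FIELD_SEP, $spec));
}

/**
 * Combine one spec line with the mask for its type. The mask order gives
 * the keys, the spec gives the values; an optional choice list is attached.
 */
function parseItem(array $masks, string $spec, ?string $choices = null): array
{
    $values = splitSpec($spec);
    if (count($values) < 2) {
        throw new InvalidArgumentException("spec needs at least name and type: $spec");
    }
    $type = $values[1];
    if (!isset($masks[$type])) {
        throw new InvalidArgumentException("unknown field type: $type");
    }
    $keys = splitSpec($masks[$type]);
    if (count($keys) !== count($values)) {
        throw new InvalidArgumentException(
            sprintf('type %s expects %d fields, got %d', $type, count($keys), count($values))
        );
    }
    $field = array_combine($keys, $values);
    // "spaces are closed up so 'client name' becomes 'clientname'"
    $field['name'] = preg_replace('/\s+/', '', $field['name']);
    // Names end up as $_POST keys and HTML attribute values: keep them identifier-like.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $field['name'])) {
        throw new InvalidArgumentException("bad field name: {$field['name']}");
    }
    if ($choices !== null) {
        $field['choices'] = splitSpec($choices);
    }
    return $field;
}

/**
 * Validate one submitted value against its parsed field.
 * Returns null when OK, otherwise an error message to show in the form.
 * $regexes maps the spec's "regex" column (e.g. "fullname") to a pattern.
 */
function validateField(array $field, ?string $value, array $regexes): ?string
{
    $value = $value ?? '';
    switch ($field['type']) {
        case 'text':
            $pattern = $regexes[$field['regex']] ?? null;
            if ($pattern === null) {
                return "no validation rule for {$field['name']}";
            }
            return preg_match($pattern, $value) === 1 ? null : "{$field['desc']}: invalid value";
        case 'textarea':
            // rows/cols are display hints; use them to cap the accepted length
            $max = (int)$field['rows'] * (int)$field['cols'] * 4;
            return strlen($value) <= $max ? null : "{$field['desc']}: too long";
        case 'radio':
            if ($value === '') {
                return $field['reqd'] === 'true' ? "{$field['desc']}: required" : null;
            }
            // A forged POST can carry any value: accept only listed choices.
            return in_array($value, $field['choices'] ?? [], true)
                ? null : "{$field['desc']}: not a valid choice";
        default:
            return "unsupported type {$field['type']}";
    }
}

// Masks and specs copied from the post, plus a constructed submission.
$mask = [
    'text'     => ' name ¦ type ¦ desc ¦ label ¦ regex ',
    'textarea' => ' name ¦ type ¦ desc ¦ rows ¦ cols ',
    'radio'    => ' name ¦ type ¦ desc ¦ label ¦ reqd ',
];
$regexes = ['fullname' => '/^[\p{L}\' .\-]{2,80}$/u']; // hypothetical rule table

$fields = [
    parseItem($mask, ' client name ¦ text ¦ Name ¦ Your name ¦ fullname '),
    parseItem($mask, ' message ¦ textarea ¦ Message ¦ 20 ¦ 30 '),
    parseItem($mask, ' time¦radio¦Preferred time¦Please state preferred time, if any ¦false',
              ' morning¦afternoon¦evening '),
];
$post = ['clientname' => 'Jean Smith', 'message' => 'Hello', 'time' => 'midnight']; // constructed
foreach ($fields as $f) {
    $err = validateField($f, $post[$f['name']] ?? null, $regexes);
    printf("%-10s %s\n", $f['name'], $err ?? 'ok');
}
```

Run from the command line, the constructed submission passes for `clientname` and `message` and is rejected for `time`, because "midnight" is not in the choice list even though it is a plausible-looking answer. That last check is the one most often missing from home-grown form handlers: the HTML limits what a browser offers, not what a client can send.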

 

eelixduppy
msg:3212866
 2:59 am on Jan 9, 2007 (gmt 0)

Not exactly sure what you mean by "stress testing" with something like this. Generally we do not do the grunt work because it is part of the poster's learning process if they do it themselves; it seems to be ok, though. :)

If you are doing this strictly for educational purposes then you should go ahead and make it into a class if you want, and then try out different methods to see how the results respond to those changes.

However, if you have already passed the educational stage then you would be better off using a pre-made solution available at some of the script repositories such as sourceforge.net or phpclasses.org.

Best of luck!

CDNQuilter
msg:3212878
 3:29 am on Jan 9, 2007 (gmt 0)

Thanks for the feedback.

I don't mean to ask anyone to do 'grunt' work.

I guess I'm just nervous - I have run a fair bit of test stuff through the forms - and I made sure that none of the email injection strings like the ones at [securephpwiki.com] would get through.

And I have an error handler and an error log file. . . time will tell I guess!

cheers
jean

[edited by: CDNQuilter at 3:31 am (utc) on Jan. 9, 2007]
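The email injection strings mentioned above all work the same way: a value that ends up in a mail header carries a line break (raw CR/LF, or an encoded `%0a`/`%0d` that gets decoded before use) followed by an extra header such as `Bcc:`, so the form becomes an open relay for spam. The check below is an added example of what "none of them get through" has to mean in code; it is not CDNQuilter's script, and the function names, the fixed `From:` address and the probe strings are my own constructions. It rejects any header-bound value containing CR, LF, NUL or an encoded newline, validates the address, and keeps the visitor's address in `Reply-To` while `From:` stays a fixed site address.

```php
<?php
// Added example, not the poster's code. Function names, the From: address
// and the probe strings below are assumptions made for illustration.
declare(strict_types=1);

/**
 * True if $value cannot break out of a single mail header line.
 * Rejects raw CR/LF and NUL, and the URL-encoded forms (%0a, %0d) that a
 * later urldecode() would turn back into line breaks.
 */
function isHeaderSafe(string $value): bool
{
    if (preg_match('/[\r\n\x00]/', $value)) {
        return false;
    }
    if (preg_match('/%0[ad]/i', $value)) {
        return false;
    }
    return true;
}

/** Build the headers for a contact-form email, or throw if input is unsafe. */
function buildHeaders(string $fromName, string $fromAddr): string
{
    if (!isHeaderSafe($fromName) || !isHeaderSafe($fromAddr)) {
        throw new InvalidArgumentException('header injection attempt rejected');
    }
    if (filter_var($fromAddr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // Encode the display name so punctuation in it stays inert in the header.
    $name = '=?UTF-8?B?' . base64_encode($fromName) . '?=';
    // The visitor's address goes in Reply-To; From: is a fixed site address.
    return "From: website@example.com\r\n"
         . "Reply-To: $name <$fromAddr>\r\n"
         . "X-Mailer: PHP/" . PHP_VERSION . "\r\n";
}

// Constructed probes in the style of the classic injection strings.
$probes = [
    'jean@example.com',
    "jean@example.com\r\nBcc: victim@example.net",
    "jean@example.com%0ACc:victim@example.net",
    "jean@example.com\nContent-Type: text/html",
    "jean@example.com\0",
];
foreach ($probes as $p) {
    try {
        buildHeaders('Jean', $p);
        echo "accepted: ", json_encode($p), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", json_encode($p), " (", $e->getMessage(), ")\n";
    }
}
```

Only the first probe is accepted. The same `isHeaderSafe()` check belongs on every value that reaches a header (subject, name, address); the message body can contain newlines freely, which is why the body and the headers must be handed to `mail()` as separate arguments and never concatenated from user input.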

eelixduppy
msg:3212883
 3:38 am on Jan 9, 2007 (gmt 0)

We have a great thread in our library [webmasterworld.com]: Combatting Webform Hijack [webmasterworld.com]. Maybe it can offer you some insight. You may find some other threads of interest in there, too ;)
