I have a webform on my website that allows people to submit information to my database. At the moment, the webform has no protection.
What risks am I facing as a result of not having any protection? Is it just spam bots, or are there other risks?
And what's the best way to deal with the different risks?
I am aware that I can prevent bad bots from accessing my website by using mod_rewrite, and that I can stop bad bots from submitting information to my database by using a CAPTCHA. Are these the best methods of protection?