Hey everyone! I've been diving into HTML, CSS, PHP, and JavaScript, and I think I've crafted a pretty nice-looking website. However, I'm stuck on getting my contact form to work. I haven't bought a domain yet because I want to finish everything up first.
I'm particularly keen on avoiding any libraries for this project because I want to thoroughly understand all my code and steer clear of potential vulnerabilities. I'm considering whether I should use SMTP for the contact form, and I'm looking for resources to help me implement that.
Alternatively, I thought about creating an API endpoint where the form could send a POST request with the contact information, allowing me to store the data in a database or CDN for manual review.
I'm unsure about which path to take or where to find good resources. Any advice would be awesome!
4 Answers
If you're looking for a straightforward way to set up a contact form without any libraries, you might want to try PHP's built-in mail() function. Just make sure you sanitize your inputs, create a basic HTML form that POSTs to a PHP script, and validate inputs on the server side before sending emails. The concerns about zero-day vulnerabilities with libraries are valid, but at this stage, the biggest risks are actually spam and injection attacks. Using a honeypot field along with basic input sanitization can help you tackle 90% of those issues without relying on any external dependencies.
If you're feeling cautious and want something a bit more reliable, PHPMailer is a great option—it's just one file, has been around forever, and handles SMTP authorization smoothly. But honestly, skipping over saving submissions to a database for now is wise; a direct email will suffice until you need to store that data.
Do you have a recommended website that explains the mail() function clearly? The official docs feel pretty technical!
Don’t stress too much about potential vulnerabilities with using libraries at this stage. Just use something like PHPMailer and focus on getting your form working. The typical security issues are more about things like SQL or input injections than relying on well-established libraries. If you still want more hands-on control later, setting up an API endpoint could be beneficial, but for now, let's not overcomplicate it.
I get wanting to know all the ins and outs of your code, but trying to recreate what a library like PHPMailer does is a bit overboard. It's meant to make email handling easier and safer, and not using it just adds unnecessary risk. Believe me, your contact form won't make you magically vulnerable just because you rely on PHPMailer for a day while any issues are fixed. They’ve had very few problems over the years, and even those were mostly specific to certain setups. Just use PHPMailer with SMTP and you'll be just fine!
Honestly, you're trying to reinvent the wheel for security reasons that aren't even a concern yet. Using a library or a service like Formspree or Netlify forms is so much safer than crafting a solution all on your own, which might end up susceptible to things like SQL injection. If you really insist on DIY—sure, there's PHP’s mail() function, but it's not great. The API route is better, plus you'll have proper storage for the submissions with a database you set up correctly instead.
What's the best way to hide a honeypot field? Also, should I be worried if the CSS for my form isn't loading?