How secure is this?

Skipper · #1 (**permalink**) 07-01-10, 12:01

I have a website with user-generated comments/testimonials (each on a separate page). There's a simple form that asks for the name, comment, and some other information. When the form is submitted, a variable marked "moderated" is set to 0. The comment won't show up on the website until the "moderated" variable has been set (by hand) to 1 in phpMyAdmin. This way I can make sure that comments are appropriate and that nobody is trying to insert unwanted code/commands.

Is this secure enough?

carl owen · #2 (**permalink**) 07-01-10, 19:00

Well, if the comments or testimonials posted are to be published manually, the form can be considered as secure enough, however, it would be a better option to use Secure Form Mailer Plugin For Wordpress (if you are using Wordpress) or a similar script which includes many security features including protection against email header injection

Skipper · #3 (**permalink**) 07-02-10, 14:45

Does the plugin work with MySQL, or does it just allow forms to be sent by email? I don't currently have the entries sent to my email; they go straight into the database. Saves me some time.

Bladerunner · #4 (**permalink**) 08-12-10, 07:42

Sorry I don't know if the WordPress plugin will work with MySQL but if it does I really recommend it. The range of features is really useful, especially the multiple language option. It works great at the basic level and if you want more then you can customise it easily enough. Bonus point to them for having added ReCaptcha!

Mitchel_B3ll · #5 (**permalink**) 11-21-10, 13:41

I think the WordPress plugin will work with MySQL. I am pretty sure that WordPress fully supports this, and that makes it the best choice. I could be wrong, but this is the impression I have.