Need contact forms processing recommendation

[cmayo]

I'm looking to implement Google's reCAPTCHA v2 "I am not a robot" captcha on several web forms, which will integrate best for us if it submits to a PHP (vs. PERL) script. Our contact/info forms are currently submitting to a 2004 PERL script, NMS FormMail, which seems to just line up form keys and values, then email it to a designee.

I'm looking for a PHP form-processing script that does the same thing (i.e. emailing of generic form fields & data on submit), but which which also provides more modern security against data injection or other (?) exploits.

Any thoughts for me?

 

[spamjim]

Why are you concerned about data injection if you don't mention any database and apparently have the form send to a specific designee? Are there other ways to inject data?

The question may be less difficult than you make it.

https://www.google.com/search?q=contact+forms+processing+php

 

[cmayo]

I've been given to understand by our hosting company that contact forms are vulnerable to spamming and can be exploited for use as a bulk mail relay. I turned up one possible method at (

https://jonathannicol.com/blog/2006/12/09/securing-php-contact-forms/).

I haven't done a lot of research into how our 14-year-old PERL submission script might be vulnerable... I was just interested in a more modern submission script that at least made an effort to combat spam and other possible exploits.

In the end, we just added a captcha to the form and updated our processing script to the currently-maintained Tectite FormMail, so I think we're covered for the moment.

 

[spamjim]

The unfortunate truth is that very little has changed with form email in the past decades. One can use a poorly crafted form processor today or one created 14 years ago. Your Perl form processor may have been fine. Your hosting company could have stated exactly what they perceived as vulnerable on your site, if they were not making a general comment about all of their customers.