I have created a php contact form. Tried to keep it lightweight. I have a separate html contact page and then a separate php form that runs the script. So here it is:-
1) I have 4 required fields (name, email, phone, message) & 1 hidden honeypot field for spam prevention
2) All the 4 required fields have on-page jQuery validation for the user. The form won’t submit if the fields are not filled in.
3) I have if (empty code in the php to ensure that the email will not be sent if the honeypot field is filled.
3) I have a !preg match function in the php script to prevent email injection via the email field.
What else do I really need to add to be secure or is this enough for a simple form? I know some people go to all sorts of lengths to try to prevent abuse and some of the scripts I’ve seen are huge. I’m trying to keep things lightweight and simple as possible. Any advice?