What are common pitfalls when creating a PHP contact form and how can they be avoided?
One common pitfall when creating a PHP contact form is not properly sanitizing user input, which can leave the form vulnerable to SQL injection attacks. To avoid this, always use prepared statements when interacting with a database to prevent malicious input.
// Connect to database
$pdo = new PDO('mysql:host=localhost;dbname=database', 'username', 'password');
// Prepare statement
$stmt = $pdo->prepare('INSERT INTO contacts (name, email, message) VALUES (:name, :email, :message)');
// Bind parameters
$stmt->bindParam(':name', $_POST['name']);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':message', $_POST['message']);
// Execute statement
$stmt->execute();