I am publishing two forms and embedding them in my Google Site (soon to be made available to the public). I want to make sure I take all necessary measures to prevent hackers from gaining access to my database.
I am concerned that someone could insert HTML or other malicious script into form fields to break in.
I considered using getAlphaNumeric() to strip all possible scripts but that would disallow me from using special characters.
I noticed that if I try to input the HTML script <br> in the name field, the script passes successfully and updates the database even with the HTML in the field. But the success script, which was supposed to sendmail to the administrator with select form data including input.Name, does not work. The email is never sent. Which is good, I guess.
I do have captcha enabled to prevent an excess of spam bots from submitting useless data.
I also use some forms that pass parameters to an HTML page I created, but those forms are not embedded on my site. I am assuming someone would have to hack my Zoho account to get into those.
Is there anything I can or should do to keep my data safe?