I edited .htaccess to prevent direct access to database.php file. now this form action didn't working.
<form class="contact" action="database.php" name="contact" method="POST" enctype="multipart/form-data">
I guess you need to deny from all , and allow your hosting server IP only access to it,
Here xx.xxx.xx.xx is your server ip,
.htaccess
<Files database.php>
Order deny,allow
Deny from all
Allow from xx.xxx.xx.xx
</Files>