Safe or no?

**TimFA** · 12-14-2007, 02:57 AM

I was trying to find a *SIMPLE* way of preventing spam-bots from spamming through my form, I came up with this:

Code:

<?php
if(($_POST['answer'])=="blue") {

$to = "theemail";
$subject = $_POST['subject'];
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$message = $_POST['message'];
 
$body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";
 
echo "Data has been submitted to $to!";
mail($to, $subject, $body);

} else {

echo "Error, please try again!";

}
?>

This was adapted from some simple code I found on About.com or something, I've been using it forever... Anyways is it safe or no? I tested and it works fine.

**Fuzzydude45** · 12-14-2007, 03:02 AM

If the code that the user has to input the "Answer" looks like what i think it looks like a bot could easily pass the security measure, although its not all that bad of a security pass through, its not that great. Its safe to an extent.

**TimFA** · 12-14-2007, 03:04 AM

What do you mean? I was think a simple thing like "What is the name of this site?" or something, then if its correct then it sends, if no it just returns error.

**djr33** · 12-14-2007, 03:17 AM

This could certainly help. But it's not foolproof. Just program the bot to answer that, and it stops working.

The answer is using a CAPTCHA, which seems to be the method that works the best.

Gimmicky ways can work some, but they're only as strong as it would be to program the bot to understand it. So, if it's a really popular site, it'll be broken quickly. If not, and it's just casual spammers, that should be fine.

**TimFA** · 12-14-2007, 03:21 AM

Not to worry, its so un-popular I worry if my host will kick me o.o; but I have been getting spammed. Ok then, thanks.

**djr33** · 12-14-2007, 03:25 AM

Spambots find a form and start spamming it. In most cases, anything that makes it hard to submit will stop them-- but if the programmer of the bot specifically targets your site, it's easy to get around.
So, in your case, that should work easily enough.

**TimFA** · 12-14-2007, 03:27 AM

Good to know. Spam-bots are so inconvenient.

**djr33** · 12-14-2007, 03:39 AM

Indeed. It's especially bizarre when you have some sort of admin-only contact form that just goes somewhere into the depths of a database and you find many ads for viagra and such. Like that's going to generate sales.

**tech_support** · 12-14-2007, 05:51 AM

You could try reCAPTCHA if you want to.

**TimFA** · 12-14-2007, 09:06 PM

Maybe someones going to buy their Viagra.

edit: and thanks tech_support I'll check it out.

Thread: Safe or no?

Thread Tools

Search Thread

Safe or no?

Bookmarks

Bookmarks

Posting Permissions