How do I spam proof my contact form?

[JasonDFR]

PHP Code:

<?php

// I added this:
$_POST["message"] = 'My message is a link. <a href="http://www.something.com">Click here</a>';

// YOUR CODE BELOW:
if ($_POST["message"])
{

$message = $_POST['message'];

//check the message doesn't contain links

if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\""\']+(.*?)[\""\']+.*?>([^<]+|.*?)?<\/a>/', $message)) 
{    
echo 'there is a hyperlink';
}

else
{
echo 'No hyperlinks';
}

}
exit;

The above works as expected. I bet you have magic_quotes_gpc ON. If you can turn them off, do it, otherwise, use stripslashes() before checking for hyperlinks.

preg_match(), when used with the first two arguments only returns either 0 or 1. With that in mind, you can test the result of the evaluation with an if statment.

Good luck.

J

[dog]

Okay I take your point about it being usable in an if statement and I have some idea about what you're saying with regard to something needing to be changed.

I've got the following working:

PHP Code:

<?

$message = $_POST['message'];

if (preg_match('/href/', $message)) {
echo 'there is a hyperlink';
}

else {
echo 'no hyperlinks';
}

exit;

?>

Obviously I didn't want to have to simplify it that much but as you may have gathered I don't know how to write a lot of PHP. Please explain a little more if you can. I don't even know where to got to turn off my magic quotes.

Thanks!
Dog