Make my form not spamable and validation of fields?

[Johank82]

<?

$name = $_GET['name'] ;
$email = $_GET['email'] ;
$text = $_GET['text'] ;

$name = $_POST['name'] ;
$email = $_POST['email'] ;
$text = $_POST['text'] ;

mail( "contact@getastranger.com", "Contest", "$name

EMAIL: $email\n

$text", "From: $name <$email>\r\n" );

header( "Location: http://www.homepage.com" );

?>

[Twey]

$name = $_GET['name'] ;
$email = $_GET['email'] ;
$text = $_GET['text'] ;

$name = $_POST['name'] ;
$email = $_POST['email'] ;
$text = $_POST['text'] ;

If you want register_globals, use register_globals. If you use this code, then if the values are set by $_GET but not by $_POST, then the correct $_GET fields will be overridden by the blank $_POST fields.

Bot checks are tricky. A simple measure that will severely limit most mailbombing attacks is to use sleep(3); before header() there.

[Johank82]

Hello

Thank you for your kind reply

How would I interpret that into my code? I am sadly not so very good at these kinds of things

When I mean I want to avoid spamming, I guess I would like some sort of code that does not allow more than 1 message/minute from each user.

[Twey]

I guess I would like some sort of code that does not allow more than 1 message/minute from each user.

Unless you really want to keep a registry of recent IPs, that's not really feasible. Search the Web for some free bot-check scripts.

PHP Code:

<?php
  // If you do not have permission to use this, use $_POST
  // and $_GET as you were doing, BUT remember to check
  // if the value is set (i.e. isset($_GET['email'])) before
  // gleefully overwriting it.
  ini_set('register_globals', 'on');

  $message = <<<EOT
$name
EMAIL: $email\n
$text
EOT;

  mail("contact@getastranger.com", "Contest", $message, "From: $name <$email>\r\n");
  sleep(3);
  header("Location: http://www.homepage.com/");
?>

[Johank82]

Ok, I will try it out

How about the check for empty fields?
I guess I have to use "if" in some way?

[Twey]

if($_POST['field'] === "")