Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
secure email form in PHP
- Thread starter cwesty
- Start date
- Sort by reaction score
Your best bet would be using regular expressions in PHP to check that the data entered into your email field is a valid email address. In my experience spammers usually hijack this particular field by adding HTML email headers to it so they can gain control of your script. Using regular expressions can make sure that nothing except "something@something.something" is entered in your email field. A good place to look for help on this is the PHP forums on www.sitepoint.com Let me know if you need any more help with this.cwesty said:
That could be a solution; however besides the regular expressions you would have to make sure the email address is indeed valid. In my email validation I check for example for mx records of the domain part and a smtp server. There are tricks to ask the receiving smtp server if an email address is valid; however you cannot trust this because most smtp servers return false positives.
I think the best solution would be to check for validity and create a banned word list for example. If then some words from the banlist are found you could either decide to trash the post or (if you send this contact info by email) add some spam headers to your email. You could then use procmail to filter this email to some other mailbox.
...or something...
ps. you can use this regular expression for email validation; it's RFC 2822 compliant: ^([a-zA-Z0-9\.\_\~\+\=\*\'\-]+)@((([a-zA-Z0-9_\-]+)([\.]{1}))+)([a-zA-Z]{2,4})$
ps 2. here is a short article on the matter: http://www.anders.com/projects/sysadmin/formPostHijacking/
I think the best solution would be to check for validity and create a banned word list for example. If then some words from the banlist are found you could either decide to trash the post or (if you send this contact info by email) add some spam headers to your email. You could then use procmail to filter this email to some other mailbox.
...or something...
ps. you can use this regular expression for email validation; it's RFC 2822 compliant: ^([a-zA-Z0-9\.\_\~\+\=\*\'\-]+)@((([a-zA-Z0-9_\-]+)([\.]{1}))+)([a-zA-Z]{2,4})$
ps 2. here is a short article on the matter: http://www.anders.com/projects/sysadmin/formPostHijacking/
I'm not sure what you mean by "Secure"...Do you mean a script that doesn't display your email address??? Theres tons of them. If you want, PM me and I'll show you the way to mine.