
HTML form post to PHP and avoid spamming

Status
Not open for further replies.

rrsub

MIS
Oct 23, 2002
536
US
There are several ways to prevent spambots from hijacking a form when the form originates in PHP and is posted to PHP.

How can I prevent spamming from HTML to PHP?
 
OK

You have a form in HTML that sends a name
---
<form action="action.php" method="post">
<input type="text" name="variable">
<input type="submit" value="submit">
</form>
---

With that, anybody can write an HTML doc on their system, or a bot can write to action.php a $_POST['variable'] on the hosted server.

In PHP, spamproof code could be:
---
<?PHP session_start();?>
<form action="action.php" method="post">
<?PHP
// Embed the session id in a hidden field so action.php can compare it
print "<input type=\"hidden\" name=\"sid\" value=\"".session_id()."\">";
?>
<input type="text" name="variable">
<input type="submit" value="submit">
</form>
---

Where action.php verifies that the session_id is the same.

I'm looking for any solution that makes sure that any form submitted was from the website from an actual visitor.
 
Granted, you can't guarantee anything... and you may kick out legitimate users, but you can use the $_SERVER['HTTP_REFERER'] variable.

But to quote the PHP manual:
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
 
How can I prevent spamming from HTML to PHP?
Can you do PHP to PHP? Establish a session with a PHP form and then check to make sure that the session has started when you process the form.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
 
That's what I'm trying to avoid. I'd like to have the PHP script verify that the request came from the server.
 
I guess the question is 'why must your form be HTML instead of PHP'?

You can drop cookies with plain old HTML.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
 
Different developers are writing the form pages. They're asking me to do stuff with the data.

I just may have them code the page and change the extension to php.
 
This may be your best option. If you provide them the PHP code snippet to place at the start of the HTML, they should have little problem. Better WYSIWYG editors like Dreamweaver and GoLive will hide the PHP in the layout view. They may easily forget that they have PHP in their HTML.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
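
The snippet-plus-check arrangement the thread settles on, as an added example that is not part of any post above. It stores a random single-use token in the session instead of printing the session ID into the page (a substitution for the `sid` field in the first post); the function names and the `token` field name are hypothetical.

```php
<?php
// Added example; function names and the 'token' field are hypothetical.

// For the top of each form page (saved as .php, after session_start()):
// issue a random single-use token and remember it server-side.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    $session['form_token_time'] = time();
    return $session['form_token'];
}

// For action.php (after session_start()): accept the POST only if it
// carries the token that this session was issued, and only once.
function verify_form_token(array &$session, array $post, int $maxAge = 900): bool
{
    $expected = $session['form_token'] ?? null;
    $issued   = $session['form_token_time'] ?? 0;
    unset($session['form_token'], $session['form_token_time']); // single use
    $given = $post['token'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false; // form page never loaded in this session, or field missing
    }
    if (time() - $issued > $maxAge) {
        return false; // token too old
    }
    return hash_equals($expected, $given); // constant-time comparison
}

function token_field(string $token): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($token, ENT_QUOTES) . '">';
}

// Constructed demo with a plain array standing in for $_SESSION.
if (PHP_SAPI === 'cli') {
    $session = [];
    $token = issue_form_token($session);
    echo token_field($token), "\n";
    $cases = [
        'post from the served form' => ['token' => $token, 'variable' => 'Alice'],
        'same token replayed'       => ['token' => $token, 'variable' => 'Alice'],
        'direct post, no token'     => ['variable' => 'spam'],
    ];
    foreach ($cases as $label => $post) {
        echo $label, ': ', var_export(verify_form_token($session, $post), true), "\n";
    }
}
```

On a real page, pass `$_SESSION` and `$_POST` to these functions. The check only shows that the submitter loaded the form page in the same session first, so it filters blind posts to action.php rather than every automated submission.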
 