I am about to start on a long overdue project - proofing all the contact forms across various sites against unwanted messages... note that I am not using the dreaded S* word to avoid some people's s-blockers.
The first thing is to understand the problem - how do they insert their messages? I would have thought that POSTing to the thank-you page would be the easiest method for them. So I would have thought that they would visit the email-me page, find the variable names, and save them, then POST to the thank-you page, using the variable names. Yet, I see so many CAPTCHA forms, which won't stop this method. So am I misunderstanding what the problem is? I am not talking about hiding addresses here, I am talking about protecting PHP contact forms. -- Pete Clark Sunny Andalucia http://www.hotcosta.com/comm_1.htm