08302005 0857 GMT-5

If you use a session variable and match the var to a var on the server, 
I don't know what cURL is but, wouldn't that prevent something from 
seeing the server side var and even if you know the client side var, you 
still have to match them. If they match great, run your tests against 
spam words, or even better, have a template page of what should go out 
against what is going out. Except for the few variables you need from 
the one putting data into the form, the rest should be the same every 
time. Right?

Wade

David Smyth wrote:

>Nice idea though, I'll give that a try and see if that stops them for
>the time being, I have no doubt that the bots will get round it
>eventually.
>
>Many thanks,
>
>David.
>
>--- In [email protected], Mike Brandonisio <[EMAIL PROTECTED]> wrote:
>  
>
>>Hi,
>>
>>For me, I put a hidden session variable that is set when the form  
>>loads. I then test for it before emailing. If it does not exist I do  
>>not send the email. If it does exist I send the email and kill  
>>session. I usually do my forms as 2 parts one form page and one  
>>processing page.
>>
>>Since the variable is hidden in the session it forces someone to at  
>>least use the first form page. Although it is not foolproof. I guess  
>>someone could use cURL to get around that.
>>
>>Mike
>>-- 
>>Mike Brandonisio                 *    IT Planning & Support
>>Tech One Illustration            *    Database Applications
>>tel (630) 759-9283               *    e-Commerce
>>[EMAIL PROTECTED]  *    www.techoneillustration.com
>>
>>On Aug 30, 2005, at 5:19 AM, David Smyth wrote:
>>
>>    
>>
>>>Hi, I have a php form that I believe is being abused by some kind of
>>>crawler or something like that (not sure if these exist, but it's the
>>>only thing I could think of causing my problem)
>>>
>>>My client has started to receive emails from the site that appear to
>>>be junk, but information is appearing in the email that shouldn't be
>>>there. For instance, there is a checkbox on my form that will send
>>>through a yes/no depending on whether it's been checked or not, but
>>>the junk email manages to send through a junk email address instead.
>>>
>>>Can someone give me some pointers on the extra security I need to put
>>>in place? So far I basically just format the variables into a string
>>>and use the mail() function to email it to my client. This appears to
>>>not be sufficient.
>>>
>>>Any help here would be greatly appreciated.
>>>
>>>TIA,
>>>
>>>David.
>
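The session check and field validation discussed in this thread, as an added example that is not code from any of the posters. The field names (`form_token`, `subscribe`, `email`, `message`) and the recipient address are assumptions.

```php
<?php
// Added example; field names and the recipient address are assumptions.

// Form page: create a one-time token, keep a copy in the session, and put
// the same value in a hidden <input name="form_token"> on the form.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Processing page: return the cleaned fields, or null if the post is rejected.
function validate_submission(array &$session, array $post): ?array
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    unset($session['form_token']);   // single use, whether it matched or not
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return null;                 // the form page was never loaded
    }

    // A checkbox can only be "yes" or absent; any other value was forged.
    $subscribe = $post['subscribe'] ?? 'no';
    if (!in_array($subscribe, ['yes', 'no'], true)) {
        return null;
    }

    // The address must be a single valid address with no line breaks.
    $email = $post['email'] ?? '';
    if (!is_string($email) || preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $message = is_string($post['message'] ?? null) ? $post['message'] : '';
    return ['subscribe' => $subscribe, 'email' => $email, 'message' => $message];
}

// Processing page usage, after session_start():
// $clean = validate_submission($_SESSION, $_POST);
// if ($clean !== null) {
//     $body = "Subscribe: {$clean['subscribe']}\nFrom: {$clean['email']}\n\n"
//           . $clean['message'];
//     mail('client@example.com', 'Website enquiry', $body);
// }
```

The token only proves the form page was requested in the same session; the per-field checks are what keep an unexpected value out of the outgoing mail.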
