Re: help protecting form to email from spammers



"J W" <jwhitley31NOSPAM@xxxxxxxx> wrote in message
news:982DA4A64karlcsueduco@xxxxxxxxxxxxxxxxx
Hello,

I am kind of a newb to php and could use some help. I have made a form to
email php page that uses the mail function to send me the results of a
form. The php portion looks like this:

<?PHP
if ($submit) {
$Address = !empty($Address) ? $Address : 'NA';
$Address2 = !empty($Address2) ? $Address2 : 'NA';
$City = !empty($City) ? $City : 'NA';
$State = !empty($State) ? $State : 'NA';
$Country = !empty($Country) ? $Country : 'NA';
$Postal = !empty($Postal) ? $Postal : 'NA';
$Phone = !empty($Phone) ? $Phone : 'NA';
$Company = !empty($Company) ? $Company : 'NA';
$EmailNot = !empty($EmailNot) ? $EmailNot : 'NO';
$today = date("m/d/y");
mail("me@xxxxxxxxxxxx",
"Info on $Regarding",
"A User has submitted a Contact form on Mydomain.com
on $today
================================================
Name: $FName $LName
Email: $Email
Address: $Address
$Address2
$City
$State
$Country
$Postal
Phone: $Phone
Company: $Company
Message: $Comment
Referer: $Referer
Opt-Out: $EmailNot",
"From: $FName $LName <$Email>");
header ("location: thanks.html");
} // end if they hit "Submit"
?>

Later on the page is the form itself (edited for brevity):

<form name="contactinfo" method="post">
(various input areas)
</form>

I know that as is this page isn't secure from a spammer exploiting it for
their own purposes. Can someone help me clean it up to protect against
that kind of thing? I believe the input data has to be validated /
scrubbed or something? I've been googling and while I understand the
concept I'm not quite getting how to do it within the framework of what I
have already created.

Thanks much.

Since it appears that you have safe mode off, then you need to run each one
of your form variables through a validation process (preferably before your
'mail()' call). If you do a search at www.phpclasses.org for validation
scripts you'll find a lot to choose from. Here is another good read, with
examples: http://phpsec.org/projects/guide/1.html and
http://www.nyphp.org/phundamentals/email_header_injection.php

Norm
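
One way to do the validation suggested above, as an added example that is not part of the original posts: it takes the fields from a $_POST-style array, refuses CR/LF in anything that reaches a mail header, and keeps the visitor's address out of From. The helper names and the no-reply@example.com address are assumptions; the field names follow the form in the question.

```php
<?php
// Added example, not code from the thread. Helper names and the
// no-reply@example.com address are assumptions.

// Return the trimmed value, or null if it is not a string or contains
// CR, LF or NUL, any of which could start a new header line in mail().
function header_safe($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    return preg_match('/[\r\n\0]/', $value) ? null : $value;
}

// Validate one submission. Returns [subject, body, headers] ready for
// mail(), or null when a header-bound field is unsafe or the email is invalid.
function build_contact_mail(array $post): ?array
{
    $fname     = header_safe($post['FName'] ?? '');
    $lname     = header_safe($post['LName'] ?? '');
    $regarding = header_safe($post['Regarding'] ?? '');
    $emailRaw  = header_safe($post['Email'] ?? '');
    if ($fname === null || $lname === null || $regarding === null || $emailRaw === null) {
        return null;
    }
    $email = filter_var($emailRaw, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Body text cannot add headers, so the comment only needs a length limit.
    $comment = is_string($post['Comment'] ?? null) ? substr($post['Comment'], 0, 5000) : '';
    $body = "Name: $fname $lname\nEmail: $email\nMessage: $comment";
    // Fixed From; the visitor's address appears only in Reply-To.
    $headers = "From: Contact form <no-reply@example.com>\r\nReply-To: $email";
    return ["Info on $regarding", $body, $headers];
}

// Constructed sample inputs.
$good = ['FName' => 'Ann', 'LName' => 'Lee', 'Regarding' => 'Pricing',
         'Email' => 'ann@example.com', 'Comment' => 'Please call me.'];
// Same submission, but with an extra header line smuggled into Email.
$bad = ['Email' => "ann@example.com\r\nBcc: list@example.net"] + $good;

var_dump(build_contact_mail($good) !== null); // normal submission
var_dump(build_contact_mail($bad) !== null);  // submission with CR/LF in Email
```

In the page itself, call build_contact_mail($_POST) and pass the three returned values to mail() only when the result is not null.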

