Re: email form injection
- From: "rf" <rf@xxxxxxxxxxx>
- Date: Mon, 05 Jan 2009 07:44:18 GMT
"Michael Vilain" <vilain@xxxxxxxxxxxxx> wrote in message
news:vilain-EEB790.22352004012009@xxxxxxxxxxxxxxxxxxxxxxxx
> In article <gjrspj$e9h$1@xxxxxxxxxx>, ScriptKid <no@xxxxxxx> wrote:

[sanitising contact form fields]

> You can also do something very simple. Name the fields some generic
> name like field01, field02, field03... and code a hidden field like
> "ZIP" with no default value. If your action script sees this field with
> a value, you know the form was filled by a bot.

Client side "security" is less than worthless.

> If a human fills out
> the form and sends spam, reporting that is harder other than banning
> that IP block. So far, the hidden field trick has worked on my contact
> form.

How do you know it has "worked"?

> If that doesn't work, you may have to go to a CAPTCHA:
> http://www.captcha.net/

This is a joke, right?
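
Added example, not part of the original posts: a server-side check in PHP that applies the hidden "ZIP" field test from the quoted message and, independently of it, refuses CR/LF in values that would go into mail headers. PHP as the handler language, the roles given to field01..field03, and the function names are assumptions; the sample submissions are constructed.

```php
<?php
// Added example. field01..field03 and the hidden "ZIP" field follow the
// quoted post; the role of each field and all function names are assumptions.

/** Return a field as a string; arrays (field02[]=...) count as empty. */
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';
}

/** Classify one submission as 'bot', 'reject' or 'accept'. */
function classify_submission(array $post): string
{
    // Hidden field: a person never sees "ZIP", so any value means an
    // automated fill. The test itself runs here, on the server.
    if (trim(field($post, 'ZIP')) !== '') {
        return 'bot';
    }
    // Assumed roles: field01 = sender name, field02 = sender address,
    // field03 = message body. Only the first two reach the mail headers.
    foreach (['field01', 'field02'] as $name) {
        $value = field($post, $name);
        // A CR or LF inside a header value would begin a new header line.
        if ($value === '' || preg_match('/[\r\n]/', $value) === 1) {
            return 'reject';
        }
    }
    if (filter_var(field($post, 'field02'), FILTER_VALIDATE_EMAIL) === false) {
        return 'reject';
    }
    return trim(field($post, 'field03')) === '' ? 'reject' : 'accept';
}

// Constructed sample submissions (not taken from any real traffic).
$base = ['field01' => 'Ann', 'field02' => 'ann@example.org',
         'field03' => 'Hello', 'ZIP' => ''];
$samples = [
    'plain message'   => $base,
    'ZIP filled in'   => ['ZIP' => '90210'] + $base,
    'newline in name' => ['field01' => "Ann\r\nX-Added: 1"] + $base,
    'array for addr'  => ['field02' => ['a', 'b']] + $base,
];

foreach ($samples as $label => $post) {
    printf("%-16s %s\n", $label, classify_submission($post));
}
```

The third sample leaves "ZIP" empty, so the hidden-field test alone does not flag it; only the header-value check does.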