a while back i had to import some SQL data from one host to another. the old host 'gave' me a php guestbook, but the actual script was not accessible so i figured it out (and with some help from this forum) i was able to write my own new php guestbook and also use my existing sql data (from the old guestbook) all was well but now im getting crushed by spammers im well aware i could use any of 1 million other guestbooks from elsewhere that would more easily keep the spammers out but i want to keep my own since i worked so hard on it in the 1st place i want to make it so html is definately not allowed to be input in any field as well as URLs (maybe some 'keywords' to be disallowed could be: 'www', '.com', 'net', etc...) maybe they will just spam anyways and find ways around it but maybe it will slow things down at any rate, id apprecaite some help with a patch to this script that woudl take care of these things thank you all very much!! [code] <?php if (isset($_POST['submit'])) { $error = null; if(empty($_POST['name'])) { $name = FALSE; $error .= '<B>Please enter your name</b><br>'; } else { $name = $_POST['name']; } if (empty($_POST['comment'])) { $comment = FALSE; $error .= '<B>Please enter comments</b>'; } else { $comment = $_POST['comment']; } // if they are both filled out if ($name && $comment) { $db = mysql_connect("localhost", "XXX", "XXX"); mysql_select_db("XXX",$db); $sql = "INSERT INTO guestbook (name,email,comment,added) VALUES ('$name','$email','$comment','$added')"; $result = mysql_query($sql); if ($result) { echo "<h1>Thank you for signing the guestbook!</h1><p><a href='/guestbook.html'>return to guestbook...</a><BR>\n"; } } if (isset($error)) { echo $error; } } //submit else { ?> <center> <h1>WWW.LOWPRO708.COM GUESTBOOK</h1><BR> <form method="post" action="<?php echo $PHP_SELF?>"> <input type=hidden name="added" value="<?php echo date('Y-m-d h:i:s') ?>"> <strong>Your Name: </strong><input type="Text" name="name"><p> <strong>E-Mail Address: </strong><input type="Text" name="email"><br><I>Your address will not be subject to any unsolicited mail and<BR>will not be displayed in our guestbook publicly!</i><P> <strong>Comment: </strong><input type="Text" size=55 name="comment"><p> <input type="Submit" name="submit" value="Sign Guestbook"> </form> <?php } ?> [/code]