[SOLVED] email form getting web addresses injected


rnintulsa

Hi,  I don't know php very well.  Learning bit by bit. 

I have an email form that often gets either gobbledygook, or multiple web addresses submitted. Is it possible to stop this with my form?  If you need any more information from me please let me know and I will respond.

 

PHP Form Processor:

 

<?php

$EmailFrom = "";
$EmailTo = "";
$Subject = "Online Estimate Request";

$Name = Trim(stripslashes($_POST['Name'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Company = Trim(stripslashes($_POST['Company'])); 
$Tel = Trim(stripslashes($_POST['Tel'])); 

$newWebDesign = Trim(stripslashes($_POST['newWebDesign'])); 
$htmlWithFlash = Trim(stripslashes($_POST['htmlWithFlash']));
$reDesign = Trim(stripslashes($_POST['reDesign']));
$eCommerce = Trim(stripslashes($_POST['eCommerce']));
$changeContentOnly = Trim(stripslashes($_POST['changeContentOnly']));
$graphicDesign = Trim(stripslashes($_POST['graphicDesign']));
$flashOnly = Trim(stripslashes($_POST['flashOnly']));
$videoEditing = Trim(stripslashes($_POST['videoEditing']));



$competition = Trim(stripslashes($_POST['competition'])); 
$whatYouLike = Trim(stripslashes($_POST['whatYouLike'])); 
$targetAudience = Trim(stripslashes($_POST['targetAudience'])); 
$describeCompany = Trim(stripslashes($_POST['describeCompany'])); 

$logo = Trim(stripslashes($_POST['logo'])); 
$siteOrganization = Trim(stripslashes($_POST['siteOrganization'])); 
$photographs = Trim(stripslashes($_POST['photographs'])); 
$visualItems = Trim(stripslashes($_POST['visualItems'])); 
$digitalText = Trim(stripslashes($_POST['digitalText'])); 
$soundFiles = Trim(stripslashes($_POST['soundFiles'])); 
$colorScheme = Trim(stripslashes($_POST['colorScheme'])); 


$timeLine = Trim(stripslashes($_POST['timeLine'])); 
$comments = Trim(stripslashes($_POST['comments'])); 

// validation
$validationOK=true;
if (Trim($Name)=="") $validationOK=false;
if (Trim($Email)=="") $validationOK=false;
if (Trim($Company)=="") $validationOK=false;


if (!$validationOK) {
  header('Location: estimate.php');
  exit;
}

// prepare email body text
$Body = "";

$Body .= "Your estimate form has been submitted by:
";
$Body .= $Name;
$Body .= "\n";

$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";

$Body .= "Company: ";
$Body .= $Company;
$Body .= "\n";

$Body .= "Telephone: ";
$Body .= $Tel;
$Body .= "\n";
$Body .= "\n";

$Body .= "Client requests these services:
";
$Body .= "newWebDesign: ";
$Body .= $newWebDesign;
$Body .= "\n";
$Body .= "htmlWithFlash: ";
$Body .= $htmlWithFlash;
$Body .= "\n";
$Body .= "reDesign: ";
$Body .= $reDesign;
$Body .= "\n";
$Body .= "eCommerce: ";
$Body .= $eCommerce;
$Body .= "\n";
$Body .= "changeContentOnly: ";
$Body .= $changeContentOnly;
$Body .= "\n";
$Body .= "graphicDesign: ";
$Body .= $graphicDesign;
$Body .= "\n";
$Body .= "flashOnly: ";
$Body .= $flashOnly;
$Body .= "\n";
$Body .= "videoEditing: ";
$Body .= $videoEditing;
$Body .= "\n";
$Body .= "\n";



$Body .= "Your competitors: 
";
$Body .= $competition;
$Body .= "\n";
$Body .= "\n";


$Body .= "Styles you like: 
";
$Body .= $whatYouLike;
$Body .= "\n";
$Body .= "\n";


$Body .= "Your target audience: 
";
$Body .= $targetAudience;
$Body .= "\n";
$Body .= "\n";


$Body .= "Company description: 
";
$Body .= $describeCompany;
$Body .= "\n";
$Body .= "\n";


$Body .= "Client will provide:
";
$Body .= "logo: ";
$Body .= $logo;
$Body .= "\n";
$Body .= "siteOrganization: ";
$Body .= $siteOrganization;
$Body .= "\n";
$Body .= "photographs: ";
$Body .= $photographs;
$Body .= "\n";
$Body .= "visualItems: ";
$Body .= $visualItems;
$Body .= "\n";
$Body .= "digitalText: ";
$Body .= $digitalText;
$Body .= "\n";
$Body .= "soundFiles: ";
$Body .= $soundFiles;
$Body .= "\n";
$Body .= "colorScheme: ";
$Body .= $colorScheme;
$Body .= "\n";
$Body .= "\n";



$Body .= "Project timeline: 
";
$Body .= $timeLine;
$Body .= "\n";
$Body .= "\n";

$Body .= "Additional comments: 
";
$Body .= $comments;
$Body .= "\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success page 
if ($success){
  header('Location: estimate_thankyou.php');
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>

Thanks for looking.

Captcha seems the way to go.  This was happening quite a bit on my site, so I disallowed that page in the robots.txt file from indexing and it stopped it.  Maybe a quick fix, but these other guys are right.  Captcha seems the way to go.

There are a lot of great resources out there - I like ReCaptcha, because of all the prebuilt options it has.  You can -almost- just drop the code in and have it work as well, pretty fast.  You have to sign up, but that's a security measure so they verify the code is coming from your site.

 

http://www.recaptcha.net

If it's something simple like a contact form, where you don't want to deter users away with a CAPTCHA, I always recommend using this method:

http://www.modernblue.com/web-design-blog/fighting-spam-with-css/

 

Works 99% of the time...and I just suck it up the other 1%. Small price to pay for making the experience easier for my users.
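
As an added example (not code from any poster in this thread), here is a server-side version of the hidden-field check suggested above, combined with a link count for the "multiple web addresses" symptom from the first post. It assumes the form gains an extra text input named `website` that is hidden from people with CSS; that field name and the two-link threshold are hypothetical.

```php
<?php
// Added example: spam checks to run before the estimate handler builds $Body.
// Assumption: the form has an extra input named "website", hidden with CSS
// (e.g. display:none). The name is hypothetical; use any plausible-looking one.

/** Count URL-like tokens (http://, https://, www.) in a string. */
function countLinks(string $text): int
{
    return (int) preg_match_all('~(?:https?://|www\.)\S+~i', $text);
}

/**
 * Return a reason string if the submission looks automated, null if it passes.
 * $maxLinks is an assumed threshold; the "competition" field may hold real URLs.
 */
function spamReason(array $post, int $maxLinks = 2): ?string
{
    // 1. Honeypot: a person never sees the field, so any value means a bot.
    if (trim((string) ($post['website'] ?? '')) !== '') {
        return 'honeypot field filled';
    }
    // 2. Short single-line fields should never carry links or line breaks.
    foreach (['Name', 'Company', 'Tel'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if (countLinks($value) > 0 || preg_match('/[\r\n]/', $value)) {
            return "link or line break in $field";
        }
    }
    // 3. The Email field must parse as one syntactically valid address.
    if (!filter_var($post['Email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        return 'invalid e-mail address';
    }
    // 4. Cap the total number of links across every submitted field.
    $total = 0;
    foreach ($post as $value) {
        $total += is_string($value) ? countLinks($value) : 0;
    }
    return $total > $maxLinks ? "too many links ($total)" : null;
}

// Constructed sample submissions: one that trips the honeypot, one that passes.
$bot   = ['Name' => 'x', 'Email' => 'a@example.com', 'Company' => 'y',
          'website' => 'http://spam.example', 'comments' => 'hi'];
$human = ['Name' => 'Ann', 'Email' => 'ann@example.com', 'Company' => 'Acme',
          'website' => '', 'competition' => 'www.example.org'];
var_dump(spamReason($bot), spamReason($human));
```

In the form processor, the check would sit next to the existing `$validationOK` tests, for example `if (spamReason($_POST) !== null) $validationOK=false;`.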

Archived

This topic is now archived and is closed to further replies.
