
Since I implemented a spam stopper I have not been receiving any emails via my contact form.  Now I usually only received about 1 per month, but it was picking up in both legitimate and non-legitimate (spam) submissions recently until I implemented a simple security question "is the sun hot or cold" to stop spammers.

 

http://www.cnizz.com/

 

Please go to this page, then click the contact link, and send an email.  I'll reply to this post when I'd like you folks to stop testing it.  Thanks in advance.

https://forums.phpfreaks.com/topic/136092-this-is-a-fast-one-to-test/

In my opinion, I'd put the spam-stopping question separate to the rest of the form. Let the user know why they need to say the sun is 'hot' .. Some potential customers could be a bit like.. "what the hell?" think you're a bit random or something! Just a design point though..

 

If you'd like another I'd also give them options for where they found your site. If they see an empty box where they have to manually type something in that's not required, may just pass over it..

 

A

In my opinion, I'd put the spam-stopping question separate to the rest of the form. Let the user know why they need to say the sun is 'hot' .. Some potential customers could be a bit like.. "what the hell?" think you're a bit random or something! Just a design point though..

 

This is actually a normal anti-spam strategy.  I think this is fine.  You should put a side note that states it filters out spammers.

 

I assume you're Tim.

 

And yes, that's me.

Your contact form is unsafe; try the following function on all your variables.

 

 

<?php
// Sanitises one form field: strips tags, escapes for MySQL (this needs an open
// mysql_* connection, and the mysql extension was removed in PHP 7), encodes
// HTML special characters including quotes, then strips any remaining tags and
// encodes quotes via filter_var (FILTER_SANITIZE_STRING is deprecated since PHP 8.1).
function clean($var) {
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    return filter_var($var, FILTER_SANITIZE_STRING);
}

Your contact form is unsafe; try the following function on all your variables.

 

 

<?php
// Sanitises one form field: strips tags, escapes for MySQL (this needs an open
// mysql_* connection, and the mysql extension was removed in PHP 7), encodes
// HTML special characters including quotes, then strips any remaining tags and
// encodes quotes via filter_var (FILTER_SANITIZE_STRING is deprecated since PHP 8.1).
function clean($var) {
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    return filter_var($var, FILTER_SANITIZE_STRING);
}

 

Why is it not secure?  It sends an email, there is no risk of SQL injection.  Thank you for making me aware of the filter_var function though, I had no idea it existed.
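A form handler for the case the thread is discussing (a contact form that only sends mail, with the "sun hot or cold" question checked on the server), written as an added example that is not code from this thread or from the cnizz.com site. The field names (name, email, message, sunq), the sender and recipient addresses, and the length limits are assumptions; the point is to validate each field before it reaches mail() rather than to escape it for a database it never touches.

```php
<?php
// Added example, not code from the thread: validate every field before
// handing it to mail(). Field names and addresses are assumptions.
declare(strict_types=1);

const RECIPIENT = 'you@example.com';          // placeholder: your own address
const SENDER    = 'contact-form@example.com'; // placeholder: address on your own domain

// Accept only a non-empty single line of bounded length. mail() headers are
// line-based, so a CR/LF inside a field would start a new header of its own.
function single_line(string $value, int $max): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > $max || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

// Returns ['ok' => bool, 'error' => ?string]; nothing is sent on any failure.
function handle_contact(array $post): array
{
    // Check the anti-spam question on the server; the browser cannot be trusted to.
    if (strtolower(trim($post['sunq'] ?? '')) !== 'hot') {
        return ['ok' => false, 'error' => 'Please answer the spam question.'];
    }
    $name  = single_line($post['name'] ?? '', 100);
    $email = filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    $body  = trim($post['message'] ?? '');
    if ($name === null || $email === false || $body === '' || strlen($body) > 5000) {
        return ['ok' => false, 'error' => 'Please fill in every field correctly.'];
    }
    // The visitor's address goes into Reply-To (validated, so it is one line);
    // the From header stays a fixed address you control.
    $headers = "From: " . SENDER . "\r\nReply-To: $email\r\n";
    $subject = 'Contact form: ' . $name;
    $text    = "From: $name <$email>\r\n\r\n" . strip_tags($body);
    $sent    = mail(RECIPIENT, $subject, $text, $headers);
    return ['ok' => $sent, 'error' => $sent ? null : 'Mail could not be sent.'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $result = handle_contact($_POST);
    echo $result['ok']
        ? 'Thanks, your message was sent.'
        : htmlspecialchars($result['error'], ENT_QUOTES);
}
```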
