Jump to content

This is a fast one to test

s0c0

By s0c0
in Beta Test Your Stuff!

 Share

Recommended Posts

s0c0 Regular Member

s0c0

Posted
Posted

Since I implemented a spam stopper I have not been receiving any emails via my contact form.  Now I usually only received about 1 per month, but it was picking up in both legitimate and non-legitimate (spam) submissions recently until I implemented a simple security question "is this sun hot or cold" to stop spammers.

 

http://www.cnizz.com/

 

Please go to this page, then click the contact link, and send an email.  I'll reply to this post when i'd like you folks to stop testing it.  Thanks in advanced.

Link to comment
https://forums.phpfreaks.com/topic/136092-this-is-a-fast-one-to-test/
Share on other sites
Adam Advanced Member

Adam

Posted
Posted

In my opinion, I'd put the spam-stopping question separate to the rest of the form. Let the user know why they need to say the sun is 'hot' .. Some potential customers could be a bit like.. "what the hell?" think you're a bit random or something! Just a design point though..

 

If you'd like another I'd also give them options for where they found your site. If they see an empty box where they have to manually type something in that's not required, may just pass over it..

 

A

Maq Prolific Member

Maq

Posted
Posted
In my opinion, I'd put the spam-stopping question separate to the rest of the form. Let the user know why they need to say the sun is 'hot' .. Some potential customers could be a bit like.. "what the hell?" think you're a bit random or something! Just a design point though..

 

This is actual a normal anti-spam strategy.  I think this is fine.  You should put a side note that states it filters out spammers.

 

I assume you're Tim.

 

And yes, that's me.

darkfreaks Advanced Member

darkfreaks

Posted
Posted

your contact form is unsafe try the following function on all your variables.

 

 

<?php

function clean($var){
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);

return filter_var($var,FILTER_SANITIZE_STRING);
}?>

s0c0 Regular Member

s0c0

Posted
  • Author
Posted

your contact form is unsafe try the following function on all your variables.

 

 

<?php

function clean($var){
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);

return filter_var($var,FILTER_SANITIZE_STRING);
}?>

 

Why is it not secure?  It sends an email, there is no risk of SQL injection.  Thank you for making me aware of the filter_var function though, I had no idea it existed.

 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.