What do these few php fields mean in my email form?

[11Tami]

Hi, I have a form that sends to my email and there are a couple values in the php form that are supposed to help with spam but they don't seem to be working. Because when I change them to just anything the form still sends to my email. I am hoping someone can tell me what these do so that I can fix them to actually work and protect my form. Here they are and I have no idea what they do. Thank you!!! Tami

$http_referrer = getenv( "HTTP_REFERER" );
if (!isset($_POST['email'])) { header( "Location: $formurl" ); exit ; }
This one is at the end of my mail() string and I am supposed to list in it the name of the page with the php in it. But when I change it to anything it doesn't seem to matter. It all still sends.
"X-Mailer: chemailphp.php 2.07"

[.josh]

getenv() function gets an environment variable. in this case, it's getting HTTP_REFERER. from the manual:

[quote]
'HTTP_REFERER'

    The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
[/quote]

so your code block is first making a variable called $http_referrer that holds the HTTP_REFERER value.  Then it has a condition that checks to see if $_POST['email'] exists. $_POST is an array that holds data from your form. 'email' is one of your fields in your form.  If it does not exist, it is assumed that the user did not fill out the form, and the script then sends the user over to some page that is held in $formurl, wherever that is.

there isn't anything in those lines of codes that you have supplied that actually has anything to do with your mail() function, so I'm a little unsure as to what it is you are actually asking here...

well, i kinda know what your asking, but that code you just showed isn't really linked to your mail() function, wherever it is.  You're gonna have to show some more code.

[11Tami]

Thanks crayon someone else said those don't stop spam at all so I'll just get rid of them. Anyone know the code for stopping the form from being sent if not sent from the form page? Thank you!

[alpine]

To ensure YOUR form really is the source of POST, you could generate a random string and include it in a hidden field in your form simultaniously as you insert the same random string into a mysql table.
When checking the POST'ed form, match the posted random string against the one stored in mysql --> Match = ok, if not - abort.
Regardless, clean up and delete the string from mysql.

[11Tami]

Are you still around Alpine? Would if I am doing it in a form without it going to mysql. Anyway to make sure its coming from the form page? Thanks! Tami