[thelist] what's the hole in my contact form anti-spam?

Roberto Gorjão roberto at asenseofdesign.com
Wed Sep 9 21:20:11 CDT 2009


You're missing the

if($_POST['fettucine'] == 'wet') {

on line 1, and another

}

at the end.

Also, you're missing the "for" attributes in your label tags.

Roberto

---------------------
Joel Canfield wrote:
> Here's the basic php for the contact page and response page uploaded 28
> July, and a sample of the spam that's been coming in today (nothing before
> now.) What am I missing?
> contact.php
>
> <form name="theForm" action="contactresponse.php" method="post"
> onsubmit="return isValid(this);">
> <input type="hidden" name="mysauce" id="mysauce" value="alfredosauce" />
> <input type="hidden" name="FormSource" id="FormSource" value="Contact Form"
> />
> <div class="row"><span class="label">Name </span><span class="formw"><input
> type="text" name="RealName" id="RealName" /></span></div>
> <div class="row"><span class="label">E-mail </span><span
> class="formw"><input type="text" name="Email" id="Email" /></span></div>
> <div class="row"><span class="label">Telephone </span><span
> class="formw"><input type="text" name="Telephone" id="Telephone"
> /></span></div>
> <div class="row"><span class="label">Other Comments or Questions
> </span><span class="formw"><textarea name="OCQ" id="OCQ" cols="18"
> rows="6"></textarea></span></div>
> <div class="row"><span class="label">Is water wet or dry? (This tells us
> you're not an evil internet spambot)</span><span class="formw"><input
> type="text" name="fettucine" id="fettucine" /></span></div>
> <div class="row"><input type="submit" name="submit" id="ContactSubmit"
> value="Fix My Broken Marketing" /></div>
> </form>
>
> contactresponse.php
>
> if($_POST['mysauce'] = 'alfredosauce') {
> if(isset($_POST['submit'])) {
> $form_source = $_POST['FormSource'];
> $name_field = $_POST['RealName'];
> $email_field = $_POST['Email'];
> $telephone_field = $_POST['Telephone'];
> $othercomments_field = $_POST['OCQ'];
> $to = "example at example.com";
> $subject = "Website contact from $name_field";
> $headers = "From:  Website <website@ example.com>\r\n";
> $headers .= "Cc: Joel D Canfield<joel at bizba6.com>\r\n";
> $headers .= "Reply-To: example@ example.com";
> $body = "From:\n    $name_field\n\nEmail:\n    $email_field\n\nTelephone:\n
>    $telephone_field\n\nOther Comments or Questions:\n
>  $othercomments_field\n";
> mail($to, $subject, $body, $headers);
> }
> }
>
>
>   
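Added example, not part of Roberto's or Joel's messages: a server-side check for the quoted form that tests both the hidden field and the challenge answer with a comparison rather than an assignment. The function name is_human_submission() and the sample requests are constructed for illustration; the field names are the ones in the quoted form.

```php
<?php
// Added example; is_human_submission() is a hypothetical helper name.
// Field names (mysauce, fettucine, submit) come from the quoted contact.php.

function is_human_submission(array $post): bool
{
    // Every field the check relies on must be present and be a plain string.
    foreach (['mysauce', 'fettucine', 'submit'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    // Strict comparison. With a single "=" the string would be assigned to
    // the array element and the condition would hold for every request.
    if ($post['mysauce'] !== 'alfredosauce') {
        return false;
    }
    // The challenge answer is checked on the server; case and surrounding
    // whitespace are ignored so " Wet " from a person still counts.
    return strtolower(trim($post['fettucine'])) === 'wet';
}

// The assignment form applied to a constructed empty request: an assignment
// expression yields the assigned string, which PHP treats as truthy.
$empty = [];
$assignment_result = (bool) ($empty['mysauce'] = 'alfredosauce');

// Constructed sample requests.
$base = ['mysauce' => 'alfredosauce', 'submit' => 'Fix My Broken Marketing'];
$samples = [
    'no answer field'  => $base,
    'blank answer'     => $base + ['fettucine' => ''],
    'junk answer'      => $base + ['fettucine' => 'http://spam.example/'],
    'wrong hidden val' => ['mysauce' => 'x', 'submit' => 'x', 'fettucine' => 'wet'],
    'human'            => $base + ['fettucine' => ' Wet '],
];

foreach ($samples as $label => $post) {
    printf("%-17s => %s\n", $label, is_human_submission($post) ? 'send mail' : 'drop');
}
printf("%-17s => %s\n", 'assignment check', $assignment_result ? 'send mail' : 'drop');
```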


