@MK: Your method implies that the user has a JavaScript-enabled browser, else the post would fail. This means in the end you lose customers, because they're surfing with lynx.

Peter

On 8/15/06, Matthias Keller <[EMAIL PROTECTED]> wrote:
Tonnerre LOMBARD wrote:
> Salut,
>
> On Tue, Aug 15, 2006 at 06:59:21PM +0200, Matthias Keller wrote:
>
>> Correct.
>> And that's the way it works :)
>> consider this:
>> <form method="POST" action="post.php" onSubmit="this.somefield.value=123">
>> <input type=hidden name="somefield" value="">
>> ...
>> </form>
>>
>> If the post.php receives the POST request without $_POST["somefield"]
>> == "123" it refuses to send the mail...
>>
>
> And what if they do send the 123?
>
They won't, because that would need some user interaction upon collecting the data at the first time. And just in CASE they would start with it - no worries, you can always make it more dynamic.. consider using some formula which involves the current day which gets calculated on the client AND on the server side or whatever...

As long as they don't evaluate the JavaScript VERY regularly they can't spam - and I don't think they'll go so far as to execute JS, as it's lots more complicated than just capturing form data and is potentially dangerous (infinite loops and stuff).

As you said - these are SCRIPTS, and as soon as you start to require something not doable by scripts you make it MUCH harder for them.

Matt
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
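
The day-based variant Matthias describes above (a value computed by the same formula on the client and on the server), as an added example that is not part of the original thread. The formula, the one-day tolerance and the names `dayToken` and `acceptPost` are assumptions; only the `somefield` field name comes from the quoted form.

```javascript
// Added example, not from the thread. Formula and names are assumptions:
// the thread only says "some formula which involves the current day".
const DAY_MS = 24 * 60 * 60 * 1000;

function dayNumber(date) {
  // Whole days since the Unix epoch in UTC, so both sides agree on "today"
  // regardless of the visitor's time zone.
  return Math.floor(date.getTime() / DAY_MS);
}

function dayToken(date) {
  // Small integer mix of the day number; reproducible on both sides by design.
  return String((dayNumber(date) * 7919 + 123) % 1000003);
}

// Client side, in the form's onSubmit handler:
//   this.somefield.value = dayToken(new Date());

// Server side: decide whether a parsed POST body may send the mail.
function acceptPost(fields, now) {
  const submitted = fields.somefield;
  if (typeof submitted !== "string" || submitted === "") {
    return { ok: false, reason: "missing token (no JavaScript ran)" };
  }
  // Accept yesterday, today and tomorrow: a submit just before midnight UTC
  // or a client clock that is some hours off must not lock out a real user.
  for (const offset of [-1, 0, 1]) {
    const candidate = dayToken(new Date(now.getTime() + offset * DAY_MS));
    if (submitted === candidate) {
      return { ok: true, reason: "token valid for day offset " + offset };
    }
  }
  return { ok: false, reason: "stale or wrong token" };
}

// Constructed sample requests, evaluated shortly before midnight UTC.
const now = new Date("2006-08-15T23:50:00Z");
console.log(acceptPost({ somefield: dayToken(now) }, now)); // fresh submit
console.log(acceptPost({ somefield: "123" }, now));         // static value
console.log(acceptPost({}, now));                           // no JS ran
```

With this tolerance a captured token keeps working until the end of the following UTC day, so a bot replaying captured form data has to re-evaluate the JavaScript at least that often.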

