I generate a "no spam" image with a random text code that they user must type in. When I generate the code, I save it in the session -- when the form mails, it resets the code. Or, if the page is refreshed, a new code is generated.
That, combined with strip_tags and not actually writing the email address on the page has helped me stop virtually all spam from my web site. (I'd gladly share the code if you think it might be useful to you.) Dave >>> [EMAIL PROTECTED] 06/02/03 21:39 PM >>> I need advice from people smarter than me. This web page I maintain for a friend has a bunch of email addresses on it. I know, I know, spam. I warned them, they wanted it that way. So now 6 months later, they get spam and want a solution so it doesn't get worse. So, I started making them a form that people could use and so I could learn more about the mail() function to send messages online. My thoughts go back to a UUG meeting when Dave Smith was showing us a similar application, only with a database, and the quick thinkers in the group showed us why security is needed by making pop up Javascript windows on Dave's demo blog. So there is this function called strip_tags() which I tested and appears to work. My question is, is strip_tags() enough to prevent potential abuse, or is there something else I need to put in there to make it even better? Thanks. -- Jacob Albretsen [EMAIL PROTECTED] ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
