We all know that, in the world of the web, spam is a big problem. If
you put a contact form on your website without protection, you
will eventually receive a lot of spam. In this tutorial I'm going to
go through 2 methods which are very easy for you to implement, and for
the user to understand.

1. Hidden Form

Spam-bots detect and fill in all the form boxes on a webpage. We can
actually use this to our advantage to stop them. We can create a hidden
form field by using the following code:

<input type="hidden" name="hidden">

(Or end with /> in XHTML)

The user will obviously not see this field, and therefore will not
fill it in, yet the spam-bots will. So, in our PHP code, we need to
check whether the hidden field is filled in. If it is, then we need to
reject the submission. If it is not, we can accept it.

Firstly, I've set up a simple HTML form:

<form method="post" action="form_send.php">
  Name: <input type="text" value="name" name="name" /><br />
  Email: <input type="text" value="email" name="email" /><br />
  Password: <input type="text" value="password" name="password" /><br />
  <input type="hidden" name="hidden" /><br />
  <input type="submit" value="Submit" />
</form>

All the work will be done in the file form_send.php.
Firstly, we need to get the values from the form.

// Read the submitted values; a missing field becomes an empty string.
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
$hidden = $_POST['hidden'] ?? '';

We assign each of the form fields to a variable, for easy reference
later in our script. Now, we check to see if our hidden field is not
filled in.

if ($hidden === '') {
    // all your things here, e.g. add data to database, email, etc.
} else {
    // the hidden field was filled in: do not process the submission
    echo '<p>SPAMMER!</p>';
}

In simple terms, the above script says: if the field named
hidden is empty, then process the form data, email someone the data,
etc. If it is not empty, then we have a go at the spam-bot, and, most
importantly, DO NOT process the form.

That's it! That is a simple way of protecting your forms.

HINT: If you want to test the form, then change
the field's type from 'hidden' to 'text' and try entering data into that
field. It should give an error.

2. Simple Mathematics

In this one, which is a bit more complex but still should be
understandable, we will ask the user to add together 2 randomly
generated numbers, which will be between 0 and 10. Here is the form,
which this time contains a bit of PHP:

<?php
$rand_1 = rand(0, 10);
$rand_2 = rand(0, 10);
?>
<form method="post" action="form_send.php">
  Name: <input type="text" value="name" name="name" /><br />
  Email: <input type="text" value="email" name="email" /><br />
  Password: <input type="text" value="password" name="password" /><br />
  Please answer the following question: What is
  <input type="text" value="<?php echo $rand_1; ?>" name="rand1" /> add
  <input type="text" value="<?php echo $rand_2; ?>" name="rand2" /><br />
  The answer is <input type="text" name="answer" /><br />
  <input type="submit" value="Submit" />
</form>

The PHP assigns a random number to each of 2 variables, and puts them
into the form. If you preview this, you will see what is happening. If you
then refresh the page, you should get different numbers.

The processing PHP page is still very similar to our previous one.
Instead of checking that the hidden field is empty, we are checking that
the user's answer matches the correct one. Firstly, we get the values:

// Read the submitted values; a missing field becomes an empty string.
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
$answer = $_POST['answer'] ?? '';
$rand1 = $_POST['rand1'] ?? '';
$rand2 = $_POST['rand2'] ?? '';
// Cast to integers so the sum is always a number.
$correct_answer = (int) $rand1 + (int) $rand2;

The $correct_answer variable contains the correct answer. We now compare this to the answer of the user.

// Accept only an answer made of digits that equals the expected sum.
if (ctype_digit($answer) && (int) $answer === $correct_answer) {
    // process your form, etc.
    echo '<p>Form being processed</p>';
} else {
    echo '<p>Check your maths</p>';
}

This IF statement says: "If the correct answer is the same as the
one the user has entered, then process the form and do the stuff. If it
isn't, then do not process it, and display an error."

That's that. Upload it and try entering the wrong answer, refreshing
and entering the correct answer. You should be able to see the correct
message.
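
In the form above, rand1, rand2 and answer all come from the browser, so the check only proves that the three posted values agree with each other. The added example below (not this tutorial's own code) keeps the expected sum in the PHP session instead and also includes the hidden field from method 1. The session key captcha_sum and the single-file layout are assumptions made for the example, which needs PHP 7 or later.

```php
<?php
// Added example: single-file form and handler.
// The expected sum is kept in the server-side session, so the browser
// never sends the operands back and cannot choose them.
session_start();

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $hidden   = $_POST['hidden'] ?? '';
    $answer   = trim($_POST['answer'] ?? '');
    $expected = $_SESSION['captcha_sum'] ?? null;  // hypothetical session key
    unset($_SESSION['captcha_sum']);               // one attempt per challenge

    if ($hidden !== '') {
        $message = 'Submission rejected.';         // hidden field was filled in
    } elseif ($expected === null || !ctype_digit($answer) || (int) $answer !== $expected) {
        $message = 'Check your maths';
    } else {
        // process the form here (validate name/email, store, send mail, ...)
        $message = 'Form being processed';
    }
}

// Issue a fresh challenge for the form rendered below.
$rand_1 = random_int(0, 10);
$rand_2 = random_int(0, 10);
$_SESSION['captcha_sum'] = $rand_1 + $rand_2;
?>
<p><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></p>
<form method="post" action="">
  Name: <input type="text" name="name" /><br />
  Email: <input type="text" name="email" /><br />
  <input type="hidden" name="hidden" />
  What is <?php echo $rand_1; ?> add <?php echo $rand_2; ?>?
  <input type="text" name="answer" /><br />
  <input type="submit" value="Submit" />
</form>
```

Because the stored sum is removed as soon as a submission is checked, each challenge can be answered only once; a repeat post without reloading the form fails the check.
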
That brings this tutorial to an end. I've presented two methods to
you, because it's personal preference which one you use. I would
suggest the second one, as it won't be long before
spam-bots avoid hidden fields, but it will be even longer before they
start doing mathematics!