Jump to content

Is adding this code to a contact form to prevent spam OK?


Jono

Recommended Posts

I saw this tip on another web site to prevent spam on contact forms. In the contact form you add a hidden field

 


 

And then in the PHP file you add

if ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else {...send email...}

 

But my PHP file is a little different as also activates some JavaScript on the webpage depending on whether the form is filled out correctly or not (If successful shows a little ?Your email has been sent...? with animation. If the fields aren?t filled out correctly it shows what?s missing).

 

Someone else made the contact form for me as I don?t know any PHP (or ajax), but I?ve tried to adapt the code above & add it to my PHP form. I?ve tested it & it seems to work OK, but thought I?d just check that it shouldn?t potentially cause any problems, or if it needs tweaking/formatting a little.

Here?s the last part of my original PHP file

 

$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";
$success = true; mail($EmailTo, $Subject, $Body, "From: <$Email>");
}

// call success or error js functions
if ($success){
 print "doThanks()";
}
else{
 print "doError()";
}
?>

 

And here it is after I added the (hopefully) anti spam code

 

$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";
$success = true; mail($EmailTo, $Subject, $Body, "From: <$Email>");
}

// call success or error js functions
if ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else

if ($success){
 print "doThanks()";
}

else{
 print "doError()";
}
?>

 

Does the code I added look OK, or does it need changing in any way? :)

Link to comment
Share on other sites

The concept is that only a Bot (spammer) will see the Hidden field, so if there are any contents in that field, then you know a Bot completed the Form, so disregard the email or comment.

It works to filter out Bot submitted Forms, but not intentional Human provided Spams.

Link to comment
Share on other sites

Thanks jlhaslip.

Does the code I added to the PHP file look OK, or could it cause any problems? (I ask because I don't know PHP at all, & don't want to break the functionality of the existing contact forms.)

Edited by Jono
Link to comment
Share on other sites

You have not posted the entire code block, but from what i see, there is only one comment I would make.

The Mail function needs to be performed only if there is no input in the 'hidden' field.

// call success or error js functions
if ( $_POST['to_address'] ) { 
echo 'Tastes Like spam!'; 
} else {

$success = true; mail($EmailTo, $Subject, $Body, "From: ");

}

if ($success){
 print "doThanks()";
}

else{
 print "doError()";
}
?>

You could also tighten up the code by moving the ajax calls into the If-else above them.

Link to comment
Share on other sites


<?php

function getPostVal($paramName)
{
global $_POST;
return (array_key_exists($paramName, $_POST)) ? Trim(stripslashes($_POST[$paramName])) : '';
}

$Name = getPostVal('Name');
$Company = getPostVal('Company');
$Web_Site = getPostVal('Web_Site');
$Country = getPostVal('Country');
$Email = getPostVal('Email_Address');
$Subject = getPostVal('Subject');
$Message = getPostVal('Message');
$EmailTo = "user@emailaddress.com";

// validation
$missing = '';
$success = false;
if (!$Name) $missing = "

You forgot to add your Name

\n";
if (!$Email) $missing .= "

You forgot to add your Email Address

\n";
if (!$Subject) $missing .= "

You forgot to add a Subject

\n";
if (!$Country) $missing .= "

You forgot to add your Country

\n";
if (!$Message) $missing .= "

You forgot to add a Message

\n";
if ($missing != '') {
// include missing error messages
print "" . $missing;
}
else{
// prepare email body text
$Body = "Sent via 'websiteurl.com'";
$Body .= "\n";
$Body .= "\n";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email Address: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Company: ";
$Body .= $Company;
$Body .= "\n";
$Body .= "Web Site: ";
$Body .= $Web_Site;
$Body .= "\n";
$Body .= "Country: ";
$Body .= $Country;
$Body .= "\n";
$Body .= "\n";
$Body .= "Subject: ";
$Body .= $Subject;
$Body .= "\n";
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";
$success = true; mail($EmailTo, $Subject, $Body, "From: <$Email>");
}

// call success or error js functions
if ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else

if ($success){
print "
doThanks()
";
}

else{
print "
doError()
";
}
?>
Edited by Jono
Link to comment
Share on other sites

What happens when someone has javascript turned off? They see your form, fill it out, hit reply, and get an insulting message. Then, you never email them back. Nice.

The message still sends with JavaScript turned off (obviously the animations don't work). Insulting message? Why would you think that? It's nice & polite.

 

There's also a 'If you prefer to use your own email client' link at the bottom of the form. So they can use that if they want to open up an email in their email client & send it that way (or have any trouble).

 

I want to use the form because in the past people have tended not to send the info I need. With the contact form's required fields more often than not I get the info I need without having to send an email saying 'Can you send this info over?'

Edited by Jono
Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...