问题
I have built a website and I want to have an e-mail contact form on the web page, so that someone can send me a message.
I am using the code from this website: http://www.w3schools.com/php/php_secure_mail.asp
I am using the part that says PHP Stopping E-mail Injections
Even though my site gets very few hits per day (like less than 10 visitors) I am finding that I am getting 3 or 4 messages every day from "spammers" who just seem to be sending me random messages that are not related to the subject matter of the website.
I am fairly new to all this, so I would like to ask the question: Why is my PHP e-mail form attracting Spam and what can I do to stop it?
Ideally I would like to make it as easy as possible for the real users to contact me, and I would prefer it if I didn't have to use a CAPTCHA if possible.
Thanks so much
Code I am using:
<html>
<body>
<?php
function spamcheck($field)
{
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
$field=filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail
//address using FILTER_VALIDATE_EMAIL
if(filter_var($field, FILTER_VALIDATE_EMAIL))
{
return TRUE;
}
else
{
return FALSE;
}
}
if (isset($_REQUEST['email']))
{//if "email" is filled out, proceed
//check if the email address is invalid
$mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck==FALSE)
{
echo "Invalid input";
}
else
{//send email
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail("someone@example.com", "Subject: $subject",
$message, "From: $email" );
echo "Thank you for using our mail form";
}
}
else
{//if "email" is not filled out, display the form
echo "<form method='post' action='mailform.php'>
Email: <input name='email' type='text'><br>
Subject: <input name='subject' type='text'><br>
Message:<br>
<textarea name='message' rows='15' cols='40'>
</textarea><br>
<input type='submit'>
</form>";
}
?>
回答1:
There is a simple way to get rid of most spammers:
output an input field inside your form that as display: none; as a style. Ideally that is specified in an external css file.
Put that input field inside your form and give it an important name, like "name2" or something.
Then, when eveluating input, discard all requests that have avalue inside that field, as a real user can not see and and thus can't enter a value. Whereas spam bots most likely fill all fields they find on a page.
来源:https://stackoverflow.com/questions/15636993/why-is-my-php-e-mail-form-attracting-spam