Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to stop spammers entering http into a form to database

I have a form that sends info into a database table. I have it checked with a Javascript but what is the best way to stop spammers entering http and such into the database with PHP when Javascript is turned off?

like image 394
frapet Avatar asked Mar 18 '10 13:03

frapet


2 Answers

You could implement a CAPTCHA on the form:

http://en.wikipedia.org/wiki/CAPTCHA

Edit: Also definitely verify form data on the server side and check for html tags etc as usual, but the CAPTCHA should help against automated spam attacks.

like image 52
Neal Donnan Avatar answered Nov 13 '22 15:11

Neal Donnan


Never trust the client. Always validate all data on server side. JavaScript for form validation can just be an additional feature. You could start with basic PHP functions to check if the content contains certain strings you don't like, eg. "http://".

if (strpos('http://', $_POST['message']) !== false) { /* refuse */ }
like image 3
Nick Avatar answered Nov 13 '22 13:11

Nick