Need To Add More Security To My Php Form

Discussion in 'PHP' started by Bohra, Oct 28, 2009.

  1. #1
    I have a free Lockerz invite site; basically it's a PHP form which sends an email to me if someone enters their email and also saves it in the db..

    I have created a function that stops bad words, but how would I stop spam... like s;dfd sfssff such words?? Don't wanna add a captcha; any other way??

    Lemme know
     
    Bohra, Oct 28, 2009 IP
  2. techbabu

    #2
    Use Adobe's (GetSQLValueString) this is the best function to stop sql injections and other things.

    TechBabu
    ------------
    Don't just make a website: Make an impact
     
    techbabu, Oct 28, 2009 IP
  3. organicCyborg

    #3
    If stopping spam is your goal, add in a captcha.

    reCAPTCHA is the standard these days, and really easy to add to any form.

    I looked at the link you posted, are you just gathering an email address? If so, you can just use a regex to check for a valid email and then insert into the DB and send the email.
     
    organicCyborg, Oct 28, 2009 IP
  4. Bohra

    #4
    Well, basically yes, I do a check if the email is valid, but then this can be cheated by entering something like or something like that..

    Is there any other kind of security other than captcha?
     
    Bohra, Oct 29, 2009 IP
  5. wd_2k6

    #5
    wd_2k6, Oct 29, 2009 IP
  6. organicCyborg

    #6
    I think the best thing to do to prevent these fake emails from making it into your DB is to send out a confirmation email. It's a pain in the ass, but the only real way you can confirm an email address.

    wd_2k6: Wow, I was really excited by that program. But, I couldn't get it to work on my server with a few email providers. Plus, it's still in an alpha release. I'm not sure how well it would work to begin with, since what it's doing really isn't a supported feature of SMTP.
     
    organicCyborg, Oct 29, 2009 IP
  7. wd_2k6

    #7
    Yep I haven't used it myself yet, but there's still some work to do with it.

    would pass a DNS check so you must use an SMTP check for real existence, but as added it's not really supported and loading times will vastly increase!!
     
    wd_2k6, Oct 29, 2009 IP
  8. phatuis

    #8
    Maybe you could store their email in a database, along with a code and an activated column, default is 1, and you send them an email with the code, which is created using mt_rand(), and when they click it, it will take them to an activate page, which will check the code against the username, where active = 0, and then it updates active to 1, which then in turn notifies you that someone has activated their account.
     
    phatuis, Oct 29, 2009 IP
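
Added example (not part of any post in this thread): a sketch of the confirmation-email flow discussed above, in PHP with PDO prepared statements. It assumes PHP 7+ with pdo_sqlite; the table and column names are made up for illustration, the row starts with active = 0, and the code is drawn from random_bytes() rather than mt_rand(), whose output is predictable.

```php
<?php
declare(strict_types=1);

// In-memory SQLite keeps the example self-contained; schema names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (
    email      TEXT PRIMARY KEY,
    token_hash TEXT NOT NULL,
    active     INTEGER NOT NULL DEFAULT 0,
    created_at INTEGER NOT NULL
)');

// Store an unconfirmed address and return the raw token for the emailed link.
function register(PDO $db, string $email): ?string
{
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;                         // syntactically invalid: store nothing
    }
    $token = bin2hex(random_bytes(16));      // 128 bits from the OS CSPRNG
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO signups (email, token_hash, created_at) VALUES (?, ?, ?)'
    );
    // Only a hash is stored, so a leaked table does not yield usable links.
    $stmt->execute([$email, hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1 ? $token : null;   // null if already registered
}

// Activate the row only if the token matches, is unused and is under 24 hours old.
function confirm(PDO $db, string $email, string $token): bool
{
    $stmt = $db->prepare(
        'UPDATE signups SET active = 1
         WHERE email = ? AND token_hash = ? AND active = 0 AND created_at > ?'
    );
    $stmt->execute([$email, hash('sha256', $token), time() - 86400]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run.
$token = register($db, 'user@example.com');
var_dump(confirm($db, 'user@example.com', 'wrong-token'));  // wrong token
var_dump(confirm($db, 'user@example.com', $token));         // correct token
var_dump(confirm($db, 'user@example.com', $token));         // same token replayed
var_dump(register($db, 's;dfd sfssff'));                    // junk input
```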
  9. Bohra

    #9
    The problem with emails nowadays is they go to spam, sometimes don't even reach; that pretty much sucks, but I guess it's a nice idea to prevent spam..
     
    Bohra, Oct 29, 2009 IP
  10. mike30

    #10
    I got another way to prevent spam...

    turn off the form. lol....

    I am just kidding. ;)

    ~Mike
     
    mike30, Oct 30, 2009 IP
  11. Bohra

    #11
    lol that would just mean the war against spam has been lost
     
    Bohra, Oct 30, 2009 IP
  12. califmerchant

    #12
    the best option is to check for javascript, because only browsers run javascript and bots don't, solution:

    in your script include lines:

    <input type="hidden" name="javascriptcookie" id="javascriptcookie" value="false">
    <script language="JavaScript">
    // Flip the hidden field to "true" when the browser exposes cookies to script
    if (document.cookie != "") {
        document.getElementById('javascriptcookie').value = 'true';
    }
    </script>

    then, once you process the form, check for $_POST['javascriptcookie'] === 'true'

    if it's false, it means it was a bot ...
     
    califmerchant, Oct 30, 2009 IP
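
Added example (not part of any post in this thread): server-side handling of the hidden `javascriptcookie` field together with an email syntax check, in PHP. It shows why the comparison must be against the exact string `'true'`: a loose `== true` test treats any non-empty string, including `'false'`, as true. The function names and sample submissions are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Loose check: any non-empty string, including 'false', compares equal to true.
function jsFlagLoose(array $post): bool
{
    return ($post['javascriptcookie'] ?? '') == true;
}

// Strict check: only the exact string the script writes is accepted.
function jsFlagStrict(array $post): bool
{
    return ($post['javascriptcookie'] ?? '') === 'true';
}

// Returns the reasons to reject a submission; an empty list means accept.
function checkSubmission(array $post): array
{
    $reasons = [];
    if (!jsFlagStrict($post)) {
        $reasons[] = 'javascript flag not set';
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'invalid email syntax';
    }
    return $reasons;
}

// Constructed sample submissions (stand-ins for $_POST).
$samples = [
    'script ran'         => ['email' => 'user@example.com', 'javascriptcookie' => 'true'],
    'script did not run' => ['email' => 'user@example.com', 'javascriptcookie' => 'false'],
    'junk text'          => ['email' => 's;dfd sfssff', 'javascriptcookie' => 'true'],
    'field missing'      => ['email' => 'user@example.com'],
];
foreach ($samples as $label => $post) {
    printf(
        "%-20s loose=%s strict=%s reasons=%s\n",
        $label,
        var_export(jsFlagLoose($post), true),
        var_export(jsFlagStrict($post), true),
        json_encode(checkSubmission($post))
    );
}
```

The field is filled in by the client, so it works as a heuristic filter and not as proof that a browser submitted the form.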