Do your PHP forms get spammed? - Here's your solution:

Workings:

Basically, you have a field in your form which is hidden with CSS. If a human visitor comes along they cannot enter a value in it because it is hidden.

When a BOT comes along they usually fill out all fields. This means the hidden field will have a value in it.

The PHP snippet goes on your form processing page and if it finds the hidden field has been filled in it stops processing the form.

Bingo! ~ Enjoy.

Notting



Put this field in your form:

<input name="textfield6" type="text" class="hidden" size="1" />

Put this style in your Css:

.hidden {
width:5px;
visibility:hidden;
}

Put this statement in your PHP code (action page):


//spam catch
$spam = $_POST['info'];
if ($spam != "")
{$errors[] = "This is a spam check. If you are a genuine visitor, then this is a technical error and we apologise. Please contact us on 0870 NNN NNNN";}


// Display any errors and exit if errors exist.

if(count($errors)){foreach($errors as $value){print "$value<br>";} exit;}

if(!defined("PHP_EOL")){define("PHP_EOL", strtoupper(substr(PHP_OS,0,3) == "WIN") ? "\r\n" : "\n");}

 

that's an elegant solution.

thanks for sharing.

 

Nice tip. I am sure some people can use this one.

 

Smart, thanks

 

Good solution, I will test it, thanks!

 

I used this solution for awhile on one of my sites. Worked great until the bot or human adapted. I think it was because I was specifically targeted. Definitely worth a shot tho and I would highly suggest adding this to a multi-tiered solution.

 

I'll try it... seems good

 

Sounds clever. Watch out captcha!

 

How are people getting on with this? Who has implemented it?

Notting

 

I've been using this method since a long time now, and only ONE spam mail got through since then. (Using this method on multiple sites)

Maybe you should not throw an error if the field was filled out though. Some bots check for errors and detect these. Just pretend like the form was submitted successfully so the bot has no chance to know what's up.

 

Thanks nico_swd, if I start getting spam this sounds like a good avenue to go down.

Cheers
Notting

 

This is actually a very simple and very effective way of preventing bots signing up. But as someone said, the bots could adapt to it, possibly by searching HTML and CSS code...I don't know.

Reputation added, this is a clever solution.

 

good solution for this big problem...
i´ll use

 

Seems good, thanks for sharing

 

woow.. great.. You deserce a green rep for this.

I've been using captchas all this time, it's not so user friendly!

 

Nice solution, you could make it even tighter by having a hidden field that is updated with a value when the submit button is clicked. My guess is that bots don't click the submit button but just post to the forms target?

Also check the the post is coming from your actual site by checking the $_SERVER["HTTP_REFERER"] - this catches most remote injections.

 

Not really. Most bots are aware of this and automatically set the referrer (just in case).

 

Yes, you are right nico_swd, it should have said 'some remote injections' not 'most remote injections'

 

Thanks Notting, that's very clever, I'll try it.

 

thank you Notting, I will be using this tip