Hello
I have a PHP website form that gets filled out with spam - mostly URLs. To try and stop this I have inserted the following code into my form:
$SpamErrorMessage = "No website URLs permitted";
if (preg_match("/http/i", "$telephone")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$website")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
{
show_error("E-mail address not valid");
}
/* If URL is not valid set $website to empty */
if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $website))
{
$website = '';
}However, I have another field in the form that asks the user what their website address is. Of course when they fill that out, the above code blocks it meaning that when they click on 'Send' it tells them that "no URLs are allowed", so they can't submit the form. If I take out the line:
if (preg_match("/http/i", "$website")) {echo "$SpamErrorMessage"; exit();}
the form works - though the person filling it out would have no way of knowing that of course - but on the thank you page gives an error message.
I'm not sure how to escape the above code about the website. If it wasn't for the fact I ask them for their own URL the code would work fine to stop spammers!
Any advice hugely appreciated!
Thanks.
Tig