Form query

KiwiBrian

The first entry in the Formmail script that I am using is:-

// for ultimate security, use this instead of using the form
$recipient = "(e-mail address removed)"; // (e-mail address removed)

Can someone please explain this entry.
Placing my address in there enables the form to be accepted and sent to me.
Without an address in there the form is rejected at the input stage with an
error response implying that there is no recipient address.
However the use of the word "instead" implies that an email address is
optional here and that there is an alternative that works. What is it?
Is there perhaps an entry missing in the form HTML that could serve as an
alternative?
If I include the line <input type="hidden" name="recipient" value="and
place my email address here"> the form is rejected.
Any clarification would be appreciated.
Brian Tozer
 
Dan Ruscoe

The first entry in the Formmail script that I am using is:-

// for ultimate security, use this instead of using the form
$recipient = "(e-mail address removed)"; // (e-mail address removed)

Can someone please explain this entry.

This keeps your email address in the script, rather than on the actual
page with the form, so it's hidden from spam bots.

The alternative would be adding something like
<input type="hidden" name="recipient" value="youremailaddy">
 
Joel Shepherd

Dan Ruscoe said:
This keeps your email address in the script, rather than on the actual
page with the form, so it's hidden from spam bots.

That's the least of the problems.
The alternative would be adding something like
<input type="hidden" name="recipient" value="youremailaddy">

Allowing the e-mail form submitter to specify the recipient -- and even
with 'hidden' input, they can -- is opening the door wide to the form
and the web server that handles it being abused by spammers to send spam
to _anyone they want to_, not just you. It is trivial to write a script
that submits such a form over and over again, specifying a different
recipient each time.

Keep your e-mail address in the script. It's not there to save you from
getting spammed: it's there to save your form from being the source of
spam for others.

--
Joel.

http://www.cv6.org/
"May she also say with just pride:
I have done the State some service."
 
Dan Ruscoe

That's the least of the problems.


Allowing the e-mail form submitter to specify the recipient -- and even
with 'hidden' input, they can -- is opening the door wide to the form
and the web server that handles it being abused by spammers to send spam
to _anyone they want to_, not just you.

Correct, and that's why he should specify his address in the script.

Just to make it clear, I identified using the hidden input tag simply
because he asked what the alternative was. I certainly don't recommend
anybody use it.
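
The point made in this thread, as an added example (not part of the FormMail script being discussed and not any poster's code): a handler that takes the recipient from the form beside one that keeps it in the script, run over three constructed submissions. The function names, the RECIPIENT placeholder and the example.org/example.net addresses are assumptions made for illustration.

```php
<?php
// Added example; RECIPIENT is a placeholder and all addresses are constructed.
const RECIPIENT = 'owner@example.org';

// Weak pattern: the destination comes from the request. A "hidden" field is
// still an ordinary POST parameter, so whoever submits the form chooses it.
function recipient_from_form(array $post): ?string
{
    $to = $post['recipient'] ?? '';
    return (is_string($to) && trim($to) !== '') ? trim($to) : null;
}

// Hardened pattern: the destination is fixed in the script. A posted
// "recipient" is never used for delivery; it is only compared against the
// fixed value so that a changed field can be logged.
function recipient_from_script(array $post): array
{
    $posted = $post['recipient'] ?? null;
    $tampered = $posted !== null
        && (!is_string($posted) || strcasecmp(trim($posted), RECIPIENT) !== 0);
    return ['to' => RECIPIENT, 'tampered' => $tampered];
}

// Constructed submissions: the form as served, one with the hidden field
// changed, and one with no recipient field at all.
$submissions = [
    'as served' => ['recipient' => 'owner@example.org', 'message' => 'Hello'],
    'modified'  => ['recipient' => 'stranger@example.net', 'message' => 'Hello'],
    'no field'  => ['message' => 'Hello'],
];

foreach ($submissions as $label => $post) {
    $weak = recipient_from_form($post) ?? '(rejected: no recipient)';
    $safe = recipient_from_script($post);
    printf(
        "%-10s form-supplied -> %-26s script-fixed -> %s%s\n",
        $label,
        $weak,
        $safe['to'],
        $safe['tampered'] ? '  [posted recipient ignored; log it]' : ''
    );
}
```

With the fixed handler the form needs no `recipient` field at all, so the address never appears in the page's HTML either.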
 
