Form query

Discussion in 'HTML' started by KiwiBrian, Dec 5, 2004.

  1. KiwiBrian

    KiwiBrian Guest

    The first entry in the Formmail script that I am using is:-

    // for ultimate security, use this instead of using the form
    $recipient = ""; //

    Can someone please explain this entry.
    Placing my address in there enables the form to be accepted and sent to me.
    Without an address in there the form is rejected at the input stage with an
    error response implying that there is no recipient address.
    However the use of the word "instead" implies that an email address is
    optional here and that there is an alternative that works. What is it?
    Is there perhaps an entry missing in the form HTML that could serve as an
    alternative.
    If I include the line '<input type="hidden" name="recipient" value="and
    place my email address here"> the form is rejected.
    Any clarification would be appreciated
    Brian Tozer
     
    KiwiBrian, Dec 5, 2004
    #1
    1. Advertising

  2. KiwiBrian

    Dan Ruscoe Guest

    In article <covi1j$4mu$>, KiwiBrian says...
    > The first entry in the Formmail script that I am using is:-
    >
    > // for ultimate security, use this instead of using the form
    > $recipient = ""; //
    >
    > Can someone please explain this entry.


    This keeps your email address in the script, rather than on the actual
    page with the form, so it's hidden from spam bots.

    The alternative would be adding something like
    <input type="hidden" name="recipient" value="youremailaddy">

    --
    Dan Ruscoe
     
    Dan Ruscoe, Dec 5, 2004
    #2
    1. Advertising

  3. In article <>,
    Dan Ruscoe <> wrote:

    > In article <covi1j$4mu$>, KiwiBrian says...
    > > The first entry in the Formmail script that I am using is:-
    > >
    > > // for ultimate security, use this instead of using the form
    > > $recipient = ""; //
    > >
    > > Can someone please explain this entry.

    >
    > This keeps your email address in the script, rather than on the actual
    > page with the form, so it's hidden from spam bots.


    That's the least of the problems.

    > The alternative would be adding something like
    > <input type="hidden" name="recipient" value="youremailaddy">


    Allowing the e-mail form submitter to specify the recipient -- and even
    with 'hidden' input, they can -- is opening the door wide to the form
    and the web server that handles it being abused by spammers to send spam
    to _anyone they want to_, not just you. It is trivial to write a script
    that submits such a form over and over again, specifying a different
    recipient each time.

    Keep your e-mail address in the script. It's not there to save you from
    getting spammed: it's there to save your form from being the source of
    spam for others.

    --
    Joel.

    http://www.cv6.org/
    "May she also say with just pride:
    I have done the State some service."
     
    Joel Shepherd, Dec 5, 2004
    #3
  4. KiwiBrian

    Dan Ruscoe Guest

    In article <>,
    Joel Shepherd says...
    > In article <>,
    > Dan Ruscoe <> wrote:
    >
    > > In article <covi1j$4mu$>, KiwiBrian says...
    > > > The first entry in the Formmail script that I am using is:-
    > > >
    > > > // for ultimate security, use this instead of using the form
    > > > $recipient = ""; //
    > > >
    > > > Can someone please explain this entry.

    > >
    > > This keeps your email address in the script, rather than on the actual
    > > page with the form, so it's hidden from spam bots.

    >
    > That's the least of the problems.
    >
    > > The alternative would be adding something like
    > > <input type="hidden" name="recipient" value="youremailaddy">

    >
    > Allowing the e-mail form submitter to specify the recipient -- and even
    > with 'hidden' input, they can -- is opening the door wide to the form
    > and the web server that handles it being abused by spammers to send spam
    > to _anyone they want to_, not just you.


    Correct, and that's why he should specify his address in the script.

    Just to make it clear, I identified using the hidden input tag simply
    because he asked what the alternative was. I certainly don't recommend
    anybody use it.

    --
    Dan Ruscoe
     
    Dan Ruscoe, Dec 5, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Learner
    Replies:
    1
    Views:
    987
    Marina Levit [MVP]
    Jan 30, 2006
  2. Anonymous
    Replies:
    0
    Views:
    1,474
    Anonymous
    Oct 13, 2005
  3. David Gordon

    xpath query query

    David Gordon, May 18, 2005, in forum: XML
    Replies:
    2
    Views:
    792
    David Gordon
    May 18, 2005
  4. Eric Nelson
    Replies:
    5
    Views:
    1,530
    Alexey Smirnov
    Feb 4, 2009
  5. Jon F.

    CAML Query: Multiple Query Fields Issue

    Jon F., May 12, 2004, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    758
    Jon F.
    May 12, 2004
Loading...

Share This Page