防止垃圾郵件進入我的表單

Question

我想創建一個發送給朋友的表單，而不是將其用於垃圾郵件。

我在網上搜索后發現這些來源很有用

http://www.nyphp.org/phundamentals/8_Preventing-Email-Header-Injection http://www.nyphp.org/phundamentals/6_Spoofed-Form-Submissions

下面的代碼足夠好嗎？

• 它將刪除所有新行並返回字符，因此無法添加新消息
• 它使用一個會話變量，因此該表單不能被欺騙

 function nospam($name) 
    {
        return(str_replace(array("\r", "\n", "%OA", "%oa", "%OD", "%od",
        "Content-Type:","BCC:","bcc:", "CC:","cc:"), "", $name));
    }

    //the form posts to itself
if(isset($_POST['submit'])){
    if($_POST['secret'] == $_SESSION['secret']){

        $_POST['email'] = nospam($_POST['email']); 
        $_POST['sendername'] = nospam($_POST['sendername']); 
        $_POST['link'] = nospam($_POST['link']); 
        $_POST['message'] = nospam($_POST['message']); 
        $_POST['senderemail'] = nospam($_POST['senderemail']); 


        $to = $_POST['email'];
        $subject = $_POST['sendername'] . " has sent you this link.";
        $message = "Hi " . $_POST['name'] . ",\n\n";
        $message .= "The following link was sent to you by " .  $_POST['sendername'] . ".\n\n";
        $message .= $_POST['link'] . "\n\n";
        $message .= $_POST['message'] . "\n\n";
        $from = $_POST['senderemail'];
        $headers = "From:" . $from;
        mail($to,$subject,$message,$headers);
        echo "Mail Sent.";
    }
    exit;
}else{
    //set the secret variable when the page opens - only email if it exists 
    $secret = md5(uniqid(rand(), true));
    $_SESSION['secret'] = $secret;
?>

<!--html form code here -->

<?php } ?>

Answer 1

您可以在表單底部使用reCaptcha，這將阻止這種情況的發生。

http://vidiame.com/php/how-to-implement-recaptcha-with-your-php-project