Hi all, I am looking for a relatively quick way to prevent my contact forms from being exploited by spammers. I have come across 2 ideas, but wonder which is best, and if in fact either is enough. Here is what I have, any suggestions are appreciated.
#1. placed at the top of the form validation:
    if (isset($_POST['submit'])) {
        $kill_injection = $_POST['name'];
        // eregi() was removed in PHP 7; preg_match() performs the same CR/LF test
        if (preg_match("/\r/", $kill_injection) || preg_match("/\n/", $kill_injection)) {
            die('<h3>Please do not spam our forms.</h3>');
        }
    }
#2. Surrounds the mail function:
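    // Look for a line break followed by a header name in the message text
    // (preg_match() with the /i flag replaces the removed eregi())
    $crack = preg_match("/(\r|\n)(to:|from:|cc:|bcc:)/i", $comments);
    if (!$crack) {
        mail("$Mymail", "$subject", "$comments", "$headers");
    }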
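An added example, not part of the original post: one way to apply the CR/LF check from #1 to every form value that ends up in a header line, instead of only `name`, while letting the message body keep its line breaks. The function names, the `email`, `subject` and `comments` field names and the example.com addresses are assumptions made for illustration.

```php
<?php
// Added example: helper names, field names and addresses are hypothetical.

// True when a value contains a carriage return or line feed.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the pieces to pass to mail(), or null when the submission is rejected.
function build_contact_mail(array $post): ?array
{
    $name     = $post['name'] ?? '';
    $email    = $post['email'] ?? '';
    $subject  = $post['subject'] ?? '';
    $comments = $post['comments'] ?? '';

    // Every value that can reach a header line is checked, not just 'name'.
    foreach ([$name, $email, $subject] as $field) {
        if (!is_string($field) || has_line_break($field)) {
            return null;
        }
    }
    if (!is_string($comments) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // From is fixed by the site; the visitor's address only appears in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: " . $email;
    // The body comes after the headers, so line breaks are legitimate here.
    $body = "Name: " . $name . "\n\n" . $comments;

    return ['subject' => $subject, 'body' => $body, 'headers' => $headers];
}

// Constructed sample submissions.
$samples = [
    'clean'     => ['name' => 'Ann', 'email' => 'ann@example.com',
                    'subject' => 'Hello', 'comments' => "Hi,\nto: the whole team, thanks."],
    'bad name'  => ['name' => "Bob\r\nBcc: other@example.com", 'email' => 'bob@example.com',
                    'subject' => 'Hello', 'comments' => 'Hi'],
    'bad email' => ['name' => 'Bob', 'email' => "bob@example.com\nCc: other@example.com",
                    'subject' => 'Hello', 'comments' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // On acceptance: mail('owner@example.com', $mail['subject'], $mail['body'], $mail['headers']);
}
```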