View Full Version : Secure contact form - PHP


ewriter
04-25-2007, 05:03 AM
How do I make a secure contact form using PHP? I want to make it secure so people won't be able to spam it so easily. I have tried using CAPTCHA classes but it's not giving me a perfect result.

young_ss
05-02-2007, 11:24 AM
You can use random image for this...

teh_olley
05-02-2007, 08:41 PM
Personally, I'd set a session or a cookie, or even an entry into a database, which restricts them from posting more than one email during an hour or a day etc.

If you need any help on doing this just ask me.

jazzer01
05-03-2007, 12:08 AM
Personally, I'd set a session or a cookie, or even an entry into a database, which restricts them from posting more than one email during an hour or a day etc.

If you need any help on doing this just ask me.

However, there are still times when users might need to legitimately send more than one e-mail in the time span - although granted it would be rare, so it wouldn't really be a problem.

I would go with image generation - have you got GD installed on your server? If not you could do something like generate a random number, and ask the user to enter the nth letter in a string:


// Pick a random 1-based position in the sentence and show it to the user
$string = "The Rain In Spain Stays Mainly On The Plain";
$rand = rand(1, strlen($string));
print "Please enter letter number " . $rand . " in this sentence: <b>$string</b>";

Then you could send the number generated along with the form, and check the right letter had been entered.... Just an idea

Magnus
05-05-2007, 03:57 PM
There are other ways to exploit PHP contact forms. I did a quick Google and found securephpwiki.com/index.php/Email_Injection - It helped me once.

armatik
05-06-2007, 05:54 PM
I have heard of a few hackers creating bots that can distinguish letters inside an image. I'm not sure if this is true, but if you want to be on the safe side, try looking at http://pixel2life.com/ for a tutorial on how to do it.

cheerio
05-07-2007, 10:29 PM
What you should do is store the last time a user submitted the form in a database. Then when a user re-submits, the script will check the last time they submitted the form and decide whether it is too soon or not.

When the user submits a form add an entry to a table with the person's IP + time() and then when they submit check the database for that IP and the same time.

Then do if(time() - [The last time() a user submitted the form] < 30 [seconds]) then just give an error saying they are submitting too soon.

Sorry if the way I phrase my sentences is confusing
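
The per-IP check described in the post above, written out as an added example that is not part of the original thread. It assumes PDO with the SQLite driver, a hypothetical table named form_submissions, and the 30-second gap from the post; in a real handler the IP would come from $_SERVER['REMOTE_ADDR'] and the time from time().

```php
<?php
// Added example: per-IP submission throttle for a contact form.
// Assumptions: PDO + SQLite driver, table name form_submissions (hypothetical).

const MIN_GAP_SECONDS = 30; // gap taken from the post above

function open_store(string $dsn = 'sqlite::memory:'): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS form_submissions (
        ip TEXT PRIMARY KEY,
        last_ts INTEGER NOT NULL
    )');
    return $db;
}

// Returns true and records the attempt if this IP may submit now,
// false if the previous accepted submission was under MIN_GAP_SECONDS ago.
function allow_submission(PDO $db, string $ip, int $now): bool
{
    $db->beginTransaction(); // keep the read and the write together
    try {
        // Prepared statements: the IP is never concatenated into SQL.
        $q = $db->prepare('SELECT last_ts FROM form_submissions WHERE ip = ?');
        $q->execute([$ip]);
        $last = $q->fetchColumn(); // false when the IP has no row yet

        if ($last !== false && ($now - (int)$last) < MIN_GAP_SECONDS) {
            $db->rollBack();
            return false; // too soon: do not send the mail
        }
        $w = $db->prepare('INSERT OR REPLACE INTO form_submissions (ip, last_ts) VALUES (?, ?)');
        $w->execute([$ip, $now]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

// Constructed sample run: one IP at t=1000, 1010 and 1031, another IP at t=1011.
$db = open_store();
$attempts = [['203.0.113.7', 1000], ['203.0.113.7', 1010], ['198.51.100.9', 1011], ['203.0.113.7', 1031]];
foreach ($attempts as [$ip, $t]) {
    printf("%s t=%d %s\n", $ip, $t, allow_submission($db, $ip, $t) ? 'accepted' : 'too soon');
}
```

The timestamp is stored and compared on the server, so nothing the client sends can reset the window.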

TeenZine
05-09-2007, 03:19 AM
I have heard of a few hackers creating bots that can distinguish letters inside an image. I'm not sure if this is true, but if you want to be on the safe side, try looking at http://pixel2life.com/ for a tutorial on how to do it.

Yes that is true :) I being one of those :hackers:

Felu
05-10-2007, 01:40 PM
You should use CAPTCHAs and also make use of a MySQL database. You can stop people from using the form for a gap, say 2 mins. Also you should record all activity. And stop people from doing the same action for the next 30 mins without considering the IP. Though there is no guarantee that you could stop hackers this way. Also never use a client side script language like JavaScript as it can be easily HACKED!

Myth
05-19-2007, 08:47 PM
At least use a CAPTCHA, but it may also be a good idea to have some JavaScript display the form in whatever type of simple encryption. This helps as most of the spam bots don't parse JavaScript (or do they?).