PHP form > How to > Stop form SPAM without using Captcha

Stop form SPAM without using Captcha

Sooner or later your form may become a victim of people or programs that will try to send SPAM using your form. With proper form data validation they won't succeed in sending SPAM from your form to other people, but you can end up getting a bunch of random junk form submissions yourself.

» CAPTCHA

Usually when it comes to combating form SPAM you will find recommendations to use a visual CAPTCHA, that is a bitmapped image with random numbers and/or letters.

The fact is visual CAPTCHA has several accessibility issues and unless you have a high-volume website you should try using simple checks instead. Even W3C suggests using different approaches.

» The simple alternative

So, unless you own a large website you can try using a simple text confirmation code. As an example see our contact us page where the "Access code" is a simple text string like "MYCODE".

All this takes is an input field and a little bit of PHP code to check the entered code. Example code for the HTML form:

Access code: <input type="text" name="code" /><br />
Please enter <b>MYCODE</b> above.

Then in the PHP script you can simply check if the entered code matches. Let's compare the code in lower-case to avoid problems with typing in CaSe SeNSiTiVe code:

if (strtolower($_POST['code']) != 'mycode') {die('Wrong access code');}

Now the form will not be submitted unless the person enters the correct access code.

» But isn't this too easy and ineffective?

You can argue that this is too simple and spammers won't have any problems typing in the access code. But keep in mind two things:

1. Vast majority of SPAM is submitted using automated programs ("spambots"). Unless you have a high-traffic website with many users it is unlikely anyone will bother programming a spambot to read and post your specific access code just to send SPAM to one person.
    
2. If an actual person is submitting SPAM in your form it doesn't matter if you have a fancy Captcha as this person can read it no matter how fancy and secure it is. Luckily human submitted SPAM is very rare, these people are lazy and rather use programs to do their work on a large scale.

If your form is getting spammed I suggest you to try this method first instead of a visual Captcha, you will be surprised how effective something like this can be! KISS (Keep It Simple, Stupid!).

For those a bit more paranoid there are two more things you can do to make this even more effective:

1. Change your access code from time to time.
    
2. Place access code on some other page, not the one the form is on. For example instead of as suggested above
   Please enter MYCODE above.
   write something like:
   You will find the Access code on our "about us" page.
   
   Then place something like this on your "about us" (or some other) page of your website:
   Access code for our contact form is MYCODE
   
   This way you physically separate the access code from the form and it makes even less sense for anyone to create a spambot to target your website specifically.

This is indeed a very simple alternative to using visual Captchas, but do give it a try. You can always try other methods later if it doesn't work for you.

» Copyright notice

© 2008-2024 myPHPform.com. All rights reserved. Copying or redistributing any part of this website without our written permission is expressly forbidden!