
Oziel Perez
61,321 Points

Alternate Anti-Spam Technique

I currently have a contact form on a website I've built for my firm. In the current course I'm taking (Build a Simple PHP Application), Randy uses a text input element that is set to display:none and uses a form validation technique to check and see if a spam bot is trying to fill out that hidden input field and stop any emails from being sent. In my case, I use a captcha code in the form of a question. When a user fills out my form, the last field has a label that says "What is 2 + 2?" and the user must put 4 so that the email can be sent, and I assume a spam bot wouldn't know what to put in this field. After seeing Randy's technique, is it highly suggested that I try using his method? Or is my technique just as effective? I want to make sure that I understand all the pros and cons of using both techniques.

For more information on where I got the idea for the captcha code, I read this article:

http://tangledindesign.com/how-to-create-a-contact-form-using-html5-css3-and-php/

2 Answers

James Best
11,112 Points

Hey Oziel,

To be honest both have their merits but obviously both have their downfalls too. No protection is going to work 100%. It is mostly about damage limitation.

These days spam bots are pretty damn clever and some can even do simple maths questions like your captcha. Some developers will argue that using a captcha takes away from the user experience but that is personal preference.

I personally use the hidden field technique as I find it to be very effective and the least intrusive. I also have some pretty strict validation rules when doing server-side validation. I also do client-side validation. This plugin is great for client-side validation - http://jquery.michaeleisenbraun.com/guardian/

I find the best approach is to provide many layers of security for my forms with the hope to minimise the amount of spam my clients receive.

There is no right or wrong answer; it is about finding what works.

I hope that helps a little.

James

We used to use Recaptcha, but the audio used for people who can't see was terrible, and they couldn't submit the form. We asked our UI/UX and accessibility staff to help us assess spam prevention solutions. We discovered that captchas vs. hidden or honey pot fields were essentially equally effective at preventing spam, but captchas created a barrier for people who couldn't see. We use the hidden field technique now. Our blind users can submit the forms without any problem and we haven't seen any uptick in spam submissions.
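
The layered server-side check discussed in the answers above, as an added example that is not part of the original thread or the Treehouse course: a honeypot check followed by stricter validation of the visible fields. The function name and the field names (`address` as the hidden honeypot input, plus `name`, `email`, `message`) are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example: field and function names are assumptions, not the course's code.
// "address" is the honeypot input that the form hides with display:none.
function validate_contact_form(array $post): array
{
    // Layer 1: honeypot. Visitors never see the field, so any value in it
    // marks an automated submission; the caller should drop it silently.
    $trap = $post['address'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return ['spam' => true, 'errors' => []];
    }

    // Layer 2: required fields must be non-empty strings.
    $errors = [];
    $fields = [];
    foreach (['name', 'email', 'message'] as $key) {
        $value = $post[$key] ?? '';
        $fields[$key] = is_string($value) ? trim($value) : '';
        if ($fields[$key] === '') {
            $errors[] = "Missing field: $key";
        }
    }

    // Layer 3: the email address must be syntactically valid.
    if ($fields['email'] !== '' && filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address';
    }

    // Layer 4: single-line fields must not contain line breaks.
    foreach (['name', 'email'] as $key) {
        if (preg_match('/[\r\n]/', $fields[$key]) === 1) {
            $errors[] = "Line break in field: $key";
        }
    }

    return ['spam' => false, 'errors' => $errors];
}

// Constructed sample submissions.
$samples = [
    'visitor' => ['name' => 'Ana', 'email' => 'ana@example.com', 'message' => 'Hello', 'address' => ''],
    'bot'     => ['name' => 'x', 'email' => 'x@example.com', 'message' => 'hi', 'address' => 'filled in'],
    'broken'  => ['name' => "Ana\r\nPerez", 'email' => 'not-an-email', 'message' => ''],
];
foreach ($samples as $label => $post) {
    $r = validate_contact_form($post);
    $status = $r['spam'] ? 'dropped as spam' : ($r['errors'] ? implode('; ', $r['errors']) : 'ok');
    echo $label, ': ', $status, "\n";
}
```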