Posted by Geoff Berrow on 09/08/05 19:09

I noticed that Message-ID:
<dfpk5l$hkd$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com> from Neil McDermott
contained the following:

>I do have javascript validation on the form but it only checks that the
>email is whatever@something.com. I also have it on the phone field to make
>sure it is a number.

Phone numbers are not numbers. How does it handle +44 1782 111111 or
01782 111111

>How then has someone sent an email address in the phone
>field?
They just turn Javascript off.
>
>Also re
>
>You can do something fairly simple to make sure the form is submitted
>from the site where it resides:
>if (!strstr($_SERVER['HTTP_REFERER'], 'mysite.co.uk')) {
> exit ("Invalid referrer");
> }
>
>Where does this go in the script?
At the beginning.

--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011

[Back to original message]