My clients are constantly plagued by form responses filled with spammers' links.

I currently use .htaccess to block known spammers, a temporary solution but one that also bans whoever inherits the IPs, and image CAPTCHAs to block spambots but I realise these are not accessible. I also display the visitor's IP as a deterrent.

As spammers are mostly driven by including URLs in their polluting contributions, it would seem logical that a script that bars 'http' and 'www' from being submitted in any form fields would reduce this type of spam enormously. In most cases URLs are not required anyway.

Please can anyone link to/write such a validation script?

Many thanks,

Tim

If it is PHP you could have something like this:

if ((strstr(strtolower($fieldName), 'http://')) || (strstr(strtolower($fieldName), 'www'))) {
print "No links are accepted in the ______ field!";
return; }

Thanks Sands,

Unfortunately, all existing forms are handled by FormMail Perl with JavaScript validation so I don't think I can make your solution work, unless you know otherwise? I use PHP for the "REMOTE_ADDR" display but that doesn't write to the form.

I have been considering mass conversion to PHP but that would/will mean a lot of work for dozens of sites. Eek!

Thanks again for the nice script that I will use in future.

Then do it in JavaScript.

On the form submit button, direct it to a JavaScript function instead of directly submitting the form. This function can then search the post entry for the offending text. if it isn't there, call the forms submit function.

You can use the same function for other form validation too, such as ensuring the poster puts in an e-mail address or other required field.

From your post, it sounds like you are already calling a JavaScript function before form submission so this should be a simple addition to it.

Thanks Dave but I'm sure most form-spammers have JavaScript disabled.