Forum Moderators: phranque

Code to Exclude HTML Hacks from Contact Forms

Could use help with code example to exclude HTML responses

3:39 am on Apr 9, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:June 27, 2007
votes: 0

I don't mind occasional form garbage, but I am worried about scams to insert code or backlinks through my contact forms.

I have several websites that use a simple contact form.

They are all on shared Windows hosting.

They are simple HTML sites that post to an ASP form handler provided by GoDaddy to send the contact info to my email.

My users are non-technical and have no reason to put links or any HTML code in the contact form fields.

How can I easily block this with my limited programming knowledge? Is there something I can write in the form to exclude <> etc. from the fields? Or do I need JavaScript, etc.? SSL is beyond me and my hosting ability.

Specifics would be VERY helpful.


[edited by: phranque at 7:56 am (utc) on April 10, 2009]
[edit reason] hosting specifics [/edit]

10:46 pm on Apr 9, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
votes: 0

If the forms are merely posted as email, then the links are harmless - you can safely ignore them.

You could set up rules in your email client to delete them automatically. For instance, delete any email that contains link=http url=http etc.

If you want to stop the emails being sent in the first place, the method used will have to depend on the form script itself - javascript won't help in this instance. Since you are using a formmail script provided by your host, you'll need to ask their advice. You may also find an answer in the FAQ section if they have one.
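
Added example (not part of the thread and not the host's handler code): a sketch of the server-side check the reply above points to, run on the submitted fields before any email is sent. It assumes you control the form handler; the rule list and the names `normalize` and `check_submission` are hypothetical, and the sample submissions are constructed.

```python
import html
import re
from urllib.parse import unquote

# Assumed policy: plain-text contact fields never need markup or links.
RULES = [
    ("angle bracket", re.compile(r"[<>]")),
    ("bbcode-style tag", re.compile(r"\[\s*(?:url|link|img)\b", re.I)),
    ("link=/url= marker", re.compile(r"\b(?:link|url|href)\s*=\s*\S", re.I)),
    ("bare URL", re.compile(r"(?:https?://|www\.)\S", re.I)),
]


def normalize(value, max_rounds=3):
    """Undo percent- and entity-encoding so '%3C' or '&lt;' cannot hide a '<'."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def check_submission(fields):
    """Return {field: [rule names]} for every field that breaks the policy."""
    problems = {}
    for name, raw in fields.items():
        text = normalize(raw)
        hits = [label for label, rx in RULES if rx.search(text)]
        if hits:
            problems[name] = hits
    return problems


# Constructed sample submissions (not real traffic).
SAMPLES = {
    "clean": {"name": "Pat Lee", "message": "Are you open on Sundays?"},
    "anchor": {"message": '<a href="http://spam.example/">cheap</a>'},
    "bbcode": {"message": "[url=http://spam.example]great site[/url]"},
    "double-encoded": {"message": "%253Ca%253Evisit%253C/a%253E"},
}

if __name__ == "__main__":
    for label, form in SAMPLES.items():
        result = check_submission(form)
        print(label, "->", "REJECT" if result else "send", result)
```

A handler using this would refuse to send the email whenever `check_submission` returns a non-empty result. Because the check runs on the server, it still applies when a submission is posted directly without loading the form page.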


2:16 am on Apr 10, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:June 27, 2007
votes: 0

Thanks for the advice Kaled :o)