Currently I have a site that has a form handler that will process any form I send to it (even from other domains).
What is the easiest way to secure this form handler so that it cannot be exploited by spammers?
I need it to stay simple so that it can process any forms from my site (rather than having a specific form handler for each form).
What is the best way to do this?
Can it be done without form-field validation?
Is there a simple bit of reliable code that will only allow forms from my domain to be processed by the form handler?
Thanks in advance for any input on this.
Email Forms - Processing Securely
Although not perfect, I like to give each form a unique token in a session var and in a hidden field. On submit you just check to make sure the two match. That'll help cut down on spam. A better way is to use a CAPTCHA or have the user click on a link in their email.
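The session-token check described in the reply above, as an added example that is not part of the original thread. It assumes a plain dict stands in for the server-side session store and uses a hypothetical hidden-field name `form_token`; the sample requests are constructed.

```python
import hmac
import secrets

TOKEN_FIELD = "form_token"  # hypothetical hidden-field name (assumption)


def issue_token(session: dict) -> str:
    """Create a random token, store it in the session, return it for the hidden field."""
    token = secrets.token_urlsafe(32)
    session[TOKEN_FIELD] = token
    return token


def render_hidden_field(session: dict) -> str:
    """HTML snippet every form on the site embeds before posting to the shared handler."""
    return f'<input type="hidden" name="{TOKEN_FIELD}" value="{issue_token(session)}">'


def verify_submission(session: dict, post: dict) -> bool:
    """Accept a POST only if its token matches the one stored in this visitor's session."""
    expected = session.pop(TOKEN_FIELD, None)  # single use: a replayed POST fails
    supplied = post.get(TOKEN_FIELD)
    if not isinstance(expected, str) or not isinstance(supplied, str):
        return False  # form was not served by this site, or the field is missing
    # Constant-time comparison avoids leaking how much of the token matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo() -> dict:
    """Run constructed sample submissions against in-memory sessions."""
    results = {}
    session = {}
    token = issue_token(session)
    results["own_form"] = verify_submission(session, {TOKEN_FIELD: token, "email": "a@example.com"})
    results["replay"] = verify_submission(session, {TOKEN_FIELD: token})
    session = {}
    issue_token(session)
    results["wrong_token"] = verify_submission(session, {TOKEN_FIELD: "guess"})
    # A form hosted on another domain has no session with this site at all.
    results["no_session"] = verify_submission({}, {TOKEN_FIELD: token})
    results["missing_field"] = verify_submission({TOKEN_FIELD: "x"}, {"email": "a@example.com"})
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:14} accepted={accepted}")
```

Because the check lives in the handler and not in any one form, a single handler can keep processing every form on the site.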