email address harvesters

juls
Forum Newbie
Posts: 6
Joined: Sat Mar 06, 2004 3:01 am


Post by juls »

My contact.php page uses PHP to extract and display email addresses from a MySQL database. If these email addresses reside within a database, and are only displayed when the page is called, are they vulnerable to email harvester programs? If so, how do I protect them?

Thanks in advance...
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

Many email harvesters work like spiders, going from one link to another; if you have a link to the contact.php page in another page then it will show up, thinking it's a user requesting the information.

You can use JavaScript to keep each part of the email in a different var and then print it on the page, but it won't work for users without JavaScript. The only safe(ish) way is to have a contact form which the user can use to email you, then you can reply; at least this way, someone will have to add your email address manually :wink:
juls
Forum Newbie
Posts: 6
Joined: Sat Mar 06, 2004 3:01 am

Post by juls »

Thanks Qads! So email harvesters CAN access the data in the database by displaying the PHP page! I will follow your advice and use the JavaScript solution.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Mind that people with JavaScript disabled will see nothing... Another option would be to provide an image with the e-mail address in it... or use a form that delegates the e-mails without exposing the address to others...
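
The JavaScript approach qads describes, combined with the no-JavaScript fallback timvw raises, as an added example that is not part of any post in this thread: the page carries the address only as split pieces, a contact-form link is the default content, and a script swaps in the mailto: link. The function names, the data-* attribute names and the /contact.php form URL are assumptions.

```javascript
// Added example. All names here are hypothetical; the sample address is constructed.

// Server side: split the address so the literal string never appears in the HTML.
function splitAddress(email) {
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) throw new Error("not an address: " + email);
  const domain = email.slice(at + 1);
  const dot = domain.lastIndexOf(".");
  if (dot < 1 || dot === domain.length - 1) throw new Error("bad domain: " + email);
  return { user: email.slice(0, at), host: domain.slice(0, dot), tld: domain.slice(dot + 1) };
}

// Escape values placed inside double-quoted HTML attributes.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, c => "&#" + c.charCodeAt(0) + ";");
}

// Markup to emit instead of the address. The inner link is what users
// without JavaScript get: a route to the contact form, not an empty page.
function renderObfuscated(email, formUrl) {
  const p = splitAddress(email);
  return '<span class="contact" data-u="' + escapeAttr(p.user) +
    '" data-h="' + escapeAttr(p.host) + '" data-t="' + escapeAttr(p.tld) + '">' +
    '<a href="' + escapeAttr(formUrl) + '">contact form</a></span>';
}

// Client side: rebuild the address from its pieces.
function assemble(parts) {
  return parts.user + "@" + parts.host + "." + parts.tld;
}

// Browser only: replace each fallback link with a real mailto: link.
function activate(doc) {
  for (const el of doc.querySelectorAll("span.contact")) {
    const addr = assemble({ user: el.dataset.u, host: el.dataset.h, tld: el.dataset.t });
    const a = doc.createElement("a");
    a.href = "mailto:" + addr;
    a.textContent = addr;
    el.replaceChildren(a);
  }
}
if (typeof document !== "undefined") activate(document);

// Self-check for generated pages: a simple address pattern, assumed here to be
// what a harvester reading raw HTML looks for.
const ADDRESS_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;
function leaksAddress(html) { return ADDRESS_RE.test(html); }

const SAMPLE_HTML = renderObfuscated("jane@example.org", "/contact.php"); // constructed
```

A crawler that executes JavaScript still sees the assembled address, so this only helps against harvesters that read the raw HTML.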
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Adding to the discussion;

You can also use header()'s in this form:

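Code:

<?php
 // email.php
 // Cast to int so the request value cannot inject SQL into the query below.
 $userid = isset($_GET['userid']) ? (int) $_GET['userid'] : 0;
 // Assumes a MySQL connection was already opened (legacy mysql_* extension).
 $result = mysql_query("SELECT email FROM `table` WHERE userid = $userid");
 if (!$result || mysql_num_rows($result) === 0) {
     header("HTTP/1.0 404 Not Found");
     exit;
 }
 $mail = mysql_result($result, 0);
 // Redirect to a mailto: URL; the address never appears in the page HTML.
 header("Location: mailto:$mail");
?>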

Calling the file above using /email.php?userid=4 will get you the email addy of person #4 (in theory) in your database, and initiate 'mailto-popup' accordingly...

Yes, it needs editing; it's just ideas for other ways to bypass spiders/harvesters.