My contact.php page uses php to extract and display email addresses from a mysql database. If these email addresses reside within a database, and are only displayed when the page is called, are they vulnerable to email harvester programs? If so, how do I protect them!
Thanks in advance...
email address harvesters
Moderator: General Moderators
many email harvesters work like spiders, going from one link to another, if you have a link to contact.php page in another page then it will show up thinking its a user requesting the information.
you can use javascript to keep each part of email in diffrenet var and then print it on page, but it wont work for users without javascript, the only safe(ish) way to do is to have a contact form which the user the use to email you, then you can reply, atleast this way, someone will have to add your email address manualy
you can use javascript to keep each part of email in diffrenet var and then print it on page, but it wont work for users without javascript, the only safe(ish) way to do is to have a contact form which the user the use to email you, then you can reply, atleast this way, someone will have to add your email address manualy
Adding to the discussion;
You can also use header()'s in this form:
Calling the file above using /email.php?userid=4 will get you the email addy of person #4 (in theory) in your database, and initiate 'mailto-popup' acoordingly...
Yes, it needs editing, it's just ideas of another ways to bypass spiders/harvesters.
You can also use header()'s in this form:
Code: Select all
<?php
// email.php
$userid = $_GET['userid'];
$result = mysql_query("select email from table the userid = $userid");
$mail = mysql_result($result,0);
header("Location: mailto:$mail");
?>Yes, it needs editing, it's just ideas of another ways to bypass spiders/harvesters.