
I am new to developing PHP forms. How can I protect a form so that someone from outside can't send it info or spam it?

I found this: https://github.com/PhpGt/Csrf. Is it good for generating a token for a form?

Or should I just generate a new hash from the UNIX timestamp and his IP address every time he submits the form, so that next time he will have to get a new hash?

Sometimes I have more than one form on one page.

Shadow341
  • If you are talking about spambots this post might help: https://stackoverflow.com/questions/43379125/prevent-php-web-contact-form-spam – Lucas de Rijke Nov 16 '22 at 15:21
  • CSRF token and/or a Captcha are usually the ways you can deal with this sort of scenario. I would be surprised if there are no previous SO questions (and other blogs etc) about this topic already. – ADyson Nov 16 '22 at 15:21
  • Do these posts answer your question? [Understanding CSRF](https://stackoverflow.com/questions/2581488/understanding-csrf) and [Are both csrf tokens and captcha needed](https://stackoverflow.com/questions/3806700/are-both-csrf-tokens-and-captcha-needed) and [Is CAPTCHA necessary when I use an anti-CSRF token](https://security.stackexchange.com/questions/83764/is-captcha-necessary-when-i-use-an-anti-csrf-token) – Ken Lee Nov 16 '22 at 15:25
  • CSRF tokens are useless against automation/crafted attacks; using a captcha is your only option – Lawrence Cherone Nov 16 '22 at 15:28
  • Tokens are nice, but they don't prevent all malicious form submissions. No hidden method really does. The disadvantage of Captchas is that you have to share your visitors with commercial parties like Google. They will try, one way or another, to monetize the information you provide, sometimes to the detriment of your visitors. What can really help, besides tokens, is a "honey pot". Implement your own unique one and it will catch most robots. – KIKO Software Nov 16 '22 at 15:30
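
A sketch of the two measures the comments mention, a per-form CSRF token and a honeypot field, for a page that carries more than one form. It is an added example, not code from the question, the commenters or the PhpGt/Csrf library; the form ids, the `website` honeypot field name and the function names are assumptions, and only PHP built-ins are used.

```php
<?php
declare(strict_types=1);
// Added sketch. In a real page, call session_start() before using these functions.

// Issue a random token bound to one form id and remember it in the session.
function csrf_issue(string $formId): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf'][$formId] = $token;
    return $token;
}

// Check a submitted token once; it is discarded whether or not it matched.
function csrf_check(string $formId, $submitted): bool
{
    $expected = $_SESSION['csrf'][$formId] ?? null;
    unset($_SESSION['csrf'][$formId]);
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Hidden inputs for one form: its id, its token, and an empty honeypot field.
function form_guard_fields(string $formId): string
{
    $id = htmlspecialchars($formId, ENT_QUOTES);
    return '<input type="hidden" name="form_id" value="' . $id . '">'
        . '<input type="hidden" name="csrf_token" value="' . csrf_issue($formId) . '">'
        . '<input type="text" name="website" value="" tabindex="-1"'
        . ' autocomplete="off" style="position:absolute;left:-9999px">';
}

// Accept a POST only if the honeypot is empty and the token matches its form.
function submission_allowed(array $post): bool
{
    if (($post['website'] ?? '') !== '') {
        return false; // a filled honeypot suggests an automated submitter
    }
    $formId = $post['form_id'] ?? '';
    return is_string($formId) && $formId !== ''
        && csrf_check($formId, $post['csrf_token'] ?? null);
}

// Constructed demo: two forms on one page, run from the CLI without a web server.
$_SESSION = [];
preg_match('/name="csrf_token" value="([0-9a-f]+)"/', form_guard_fields('contact'), $m);
form_guard_fields('newsletter');
$sent = ['form_id' => 'contact', 'csrf_token' => $m[1], 'website' => ''];
var_dump(submission_allowed($sent));                                // first use of the token
var_dump(submission_allowed($sent));                                // same token replayed
var_dump(submission_allowed(['form_id' => 'newsletter'] + $sent));  // token sent with the other form's id
```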

0 Answers