Frequently Asked Questions


Q: How do I send the email message to more than one person?
A: Add recipients separated by commas to the "$sendTo" line.

For example:
      $sendTo = "feedback@yourdomain.com,hr@yourdomain.com";


Q: I'm getting attacked by spammers.  Help!
A: Attackers often try to use web forms to submit the text "bcc:" or "cc:" followed by a test email address in the hope that the form processor inadvertently sends a copy of the message to the test email address.  PERFECT appears to be impervious to these attacks, but the resulting barrage of test messages can be annoying.  You can enhance PERFECT's simplistic spam check with additional rules.

Update the line:
      $valid = str_word_count(reset($_POST)) > 2;

with additional checks, such as:
      $valid = str_word_count(reset($_POST)) > 2 && !stristr($body, "cc: ");

If you want even more protection, incorporate something more advanced, like reCAPTCHA.


Q: How do I prevent the bots from triggering emails?
A: As they spider the web, some search engine robots will follow the link in your HTML form, causing PERFECT to send an email message with no values.  You can solve this annoyance by sending emails only if at least one form field has a value.

Just before the "mail" line, add a line using the "count()" function as follows:
      if (count($_POST) > 0)
          mail($sendTo, $subjectLine, $msgBody, "From: $sendFrom");
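
The spam rule and the empty-submission rule from the two answers above can be combined into one check. The following is an added example, not part of PERFECT: the function name, the regular expression and the sample submissions are assumptions, it goes beyond the page's single "cc: " test by scanning every field for several header names, and it assumes PHP 7.4 or later.

```php
<?php
// Added example, not PERFECT's own code. Names and sample data are hypothetical.

// A mail header name at the start of a field or right after a CR/LF.
const HEADER_PROBE = '/(?:^|[\r\n])\s*(?:b?cc|to|content-type|mime-version)\s*:/i';

function isAcceptableSubmission(array $post): bool
{
    // Collect every non-empty value, including values of array fields (name[]).
    $values = [];
    array_walk_recursive($post, function ($v) use (&$values) {
        if (trim((string) $v) !== '') {
            $values[] = (string) $v;
        }
    });

    // Robots that only follow the form link submit no values at all.
    if (count($values) === 0) {
        return false;
    }

    // The page's original rule: the first field must have more than two words.
    $first = reset($post);
    if (!is_string($first) || str_word_count($first) <= 2) {
        return false;
    }

    // Drop the submission if any value contains a line that starts like a header.
    foreach ($values as $value) {
        if (preg_match(HEADER_PROBE, $value) === 1) {
            return false;
        }
    }
    return true;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'empty robot hit' => [],
    'normal feedback' => ['message' => 'Your site is very helpful, thanks!', 'name' => 'Pat'],
    'bcc probe'       => ['message' => "Hello there from me\r\nbcc: probe@example.com", 'name' => 'x'],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', isAcceptableSubmission($post) ? 'send' : 'drop', PHP_EOL;
}
```

In the script, the result would guard the existing "mail" line, whose From: header stays the fixed $sendFrom value. A legitimate message with a line that begins "To:" would also be dropped, which is the trade-off of a pattern this strict.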


Q: How do I set the From: field to the submitter's email address?
A: Don't.  Doing so creates an easy way for someone to hack into your server by injecting malicious content into your emails.


Q: How do I send an automatic response to the submitter?
A: Don't.  Doing so will give spammers an easy way to use your server to send their spam.  Actually, don't put any user input into the header of the email message as spammers could then inject malicious content into your emails.


Q: How do I add field validation (error checking) to my form?
A: For most websites, simple client-side validation is sufficient.  Client-side validation entails having the user's browser perform the error checking, such as making sure the user entered his or her name, before the data is submitted to PERFECT.  This client-side validation is typically done with JavaScript.  There is no need to modify the PERFECT script unless you have stringent validation needs.  Because anyone can submit data directly without running your JavaScript, client-side validation is a convenience for visitors, not a replacement for the spam check in the script.


Q: What if I need an older version of PERFECT?
A: You don't.  However, you can dig through the archive for fun or marvel at the amazing logo.