After about 5 dodgy-looking spam entries in my guestbook over the last day, I’ve now deactivated the message field. It can still be seen but does not post a message to the database table. I know that malicious code can be entered through these sorts of message boxes, but at this stage I don’t have the know-how to properly sanitise the input, let alone the time (assignment priorities right now!). Anyway, I simply commented out the message parameter in the function that adds records to the database, so while the message field can be seen and data has to be entered, it does not populate the database. I figured that should do it for now. I’ve also drastically shortened the number of characters that can be accepted in the database. The entries originated from here, and I just deleted about 8 spam entries from my blog. Tedious.
Julie
Comments
Urgh. More spam in the guestbook, but it seems my strategies are working. No junk is getting posted in the fields in the database. Over the two days this weekend, I removed about 40 spam entries.
Julie