@irishgeoff20
Created October 5, 2023 04:26
html form honeypot
An HTML form honeypot is a technique used to combat form spam, especially automated bot submissions, by adding a hidden field to a web form that should not be filled out by legitimate users. Bots often fill out all fields in a form, including hidden ones, while human users typically don't interact with these hidden fields. When a hidden field is submitted with a value, it indicates that a bot has attempted to submit the form, allowing the server-side script to reject the submission.
Here's how to implement an HTML form honeypot:
1. **HTML Form:**
Start by creating your HTML form with the fields you want, including the honeypot field:
```html
<form action="process_form.php" method="post">
  <label for="name">Name:</label>
  <input type="text" id="name" name="name" required>
  <!-- Hidden honeypot field -->
  <input type="text" name="honeypot" style="display: none;">
  <input type="submit" value="Submit">
</form>
```
In the above code, a hidden honeypot field is added to the form. Users won't see it because of the `style="display: none;"` attribute.
2. **Server-side Processing:**
In your server-side script (e.g., PHP, Python, or any other server-side language), you should check the value of the honeypot field. If it has a value, it's likely a bot submission, and you can reject the form submission. Here's a simple example using PHP:
```php
<?php
// Default to '' so a request that omits a field does not raise a warning
$name = $_POST['name'] ?? '';
$honeypot = $_POST['honeypot'] ?? '';
// Check if the honeypot field is not empty (indicating a bot submission).
// Compare with '' instead of empty(): empty('0') is true, so "0" would slip through.
if ($honeypot !== '') {
    // Handle the bot submission (e.g., log the attempt or display an error)
    echo "Bot submission detected.";
} else {
    // Process the form data as usual
    // ...
    echo "Form submitted successfully.";
}
?>
```
If the honeypot field has a value, you can take appropriate action, such as logging the attempt, blocking the submission, or displaying an error message.
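A stricter version of the server-side check, as an added example that is not part of the original gist. It also covers a request that omits the honeypot field entirely and one that sends it as an array; the function name `classify_submission`, the `suspect` verdict and the sample request bodies are assumptions constructed here.

```php
<?php
declare(strict_types=1);

/**
 * Classify a decoded POST body for the form above.
 * Returns 'ok', 'bot' (honeypot filled) or 'suspect' (honeypot missing).
 * Hypothetical helper: the name and the verdict strings are not from the gist.
 */
function classify_submission(array $post, string $trap = 'honeypot'): string
{
    // A browser that rendered the form always sends the trap field, empty:
    // display:none hides a text input but does not stop it being submitted.
    // A request without the field did not come from the rendered form.
    if (!array_key_exists($trap, $post)) {
        return 'suspect';
    }

    $value = $post[$trap];

    // "honeypot[]=x" reaches PHP as an array; the form never produces that.
    if (!is_string($value)) {
        return 'bot';
    }

    // Exact comparison with '': empty('0') is true in PHP, so a check built
    // on empty() would accept a trap field filled with "0".
    return $value === '' ? 'ok' : 'bot';
}

// Constructed sample request bodies (not real traffic).
$samples = [
    'name=Ada&honeypot=',                    // browser, trap left empty
    'name=Ada&honeypot=http%3A%2F%2Fspam',   // trap filled with a URL
    'name=Ada&honeypot=0',                   // trap filled with "0"
    'name=Ada&honeypot[]=x',                 // trap sent as an array
    'name=Ada',                              // trap field omitted
];

foreach ($samples as $body) {
    // parse_str() decodes the body the way PHP decodes a query string.
    parse_str($body, $post);
    $verdict = classify_submission($post);
    if ($verdict !== 'ok') {
        // Log rejected attempts, as the text above suggests.
        error_log("honeypot verdict={$verdict} body={$body}");
    }
    printf("%-40s %s\n", $body, $verdict);
}
```

In a real handler, pass `$_POST` to the function instead of the parsed samples.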
Adding a honeypot to your form is a relatively simple and effective way to reduce automated spam submissions, but it's not foolproof. Sophisticated bots may be designed to recognize and avoid honeypot fields. Therefore, it's often a good practice to combine honeypots with other anti-spam measures, such as CAPTCHA challenges or rate limiting.
@irishgeoff20
Author

A good way to stop form spam is to use a form backend service like fabform.
