December 2, 2011

Is it safe to put email addreses in PHP variables against email harvesters?

Question by enchance

Is it safe to use either of these lines without having the emails being picked up by email harvesters?

My email: <a href="mailto:<?php echo 'testing@example.com'; ?>"><?php echo 'testing@example.com'; ?></a>

or this one with variables

<?php $email = 'testing@example.com'; ?>
My email: <a href="mailto:<?php echo $email; ?>"><?php echo $email; ?></a>

or does it even matter for as long as it’s generated by PHP then it’s safe?

Answer by Jeremy Banks

Those will provide no protection at all. PHP is run on the server side. It will generate an HTML document and send it to the client. From the perspective of a bot or a user this is exactly the same as if you had just put the email address in a normal HTML document:

My email: <a href="mailto:testing@example.com">testing@example.com</a>

Answer by Starx

Your both example with give the same HTML output

My email: <a href="mailto:testing@example.com">testing@example.com</a>

and YES it is vulnerable to crawler.

If email address is such of such importance.

Create a contact form, add some captcha and send the form details through PHP, without exposing the email address anywhere in the page.

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+

...

Please fill the form - I will response as fast as I can!