December 2, 2011
Is it safe to put email addreses in PHP variables against email harvesters?
Question by enchance
Is it safe to use either of these lines without having the emails being picked up by email harvesters?
My email: <a href="mailto:<?php echo 'testing@example.com'; ?>"><?php echo 'testing@example.com'; ?></a>
or this one with variables
<?php $email = 'testing@example.com'; ?>
My email: <a href="mailto:<?php echo $email; ?>"><?php echo $email; ?></a>
or does it even matter for as long as it’s generated by PHP then it’s safe?
Answer by Jeremy Banks
Those will provide no protection at all. PHP is run on the server side. It will generate an HTML document and send it to the client. From the perspective of a bot or a user this is exactly the same as if you had just put the email address in a normal HTML document:
My email: <a href="mailto:testing@example.com">testing@example.com</a>
Answer by Starx
Your both example with give the same HTML output
My email: <a href="mailto:testing@example.com">testing@example.com</a>
and YES it is vulnerable to crawler.
If email address is such of such importance.
Create a contact form, add some captcha and send the form details through PHP, without exposing the email address anywhere in the page.