Preventing users from modifying default email id from field

[dileepd26]

Sir/ Madam, I have 2 files, Ex: submit-mail.htm & send-mail.php, which is used to send mail using my webmaster account..htm file is used to send mail to someone using my webmaster email account. Now .htm file shows a blank field to input email id. someone@somewhere.com, etc,. anyone can misuse it.I need to prevent users from modifying default email field, i need to put info@ambtion.com at this place.We appreciate all positive response. Thank you in advance..submit-mail.htm source is below.<html><head><title>Mail sender</title></head><body><form action="mail.php" method="POST"><b>Email</b><br><input type="text" name="email" size=40><p><b>Subject</b><br><input type="text" name="subject" size=40><p><b>Message</b><br><textarea cols=40 rows=10 name="message"></textarea><p><input type="submit" value=" Send "></form></body></html>send-mail.php source is below.<html><head><title>PHP Mail Sender</title></head><body><?php/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */$email = $HTTP_POST_VARS['email'];$subject = $HTTP_POST_VARS['subject'];$message = $HTTP_POST_VARS['message'];/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) { echo "<h4>Invalid email address</h4>"; echo "<a href='java script:history.back(1);'>Back</a>";} elseif ($subject == "") { echo "<h4>No subject</h4>"; echo "<a href='java script:history.back(1);'>Back</a>";}/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */elseif (mail($email,$subject,$message)) { echo "<h4>Thank you for sending email</h4>";} else { echo "<h4>Can't send email to $email</h4>";}?></body></html>

[thescientist]

I'm not sure what you're asking. If you don't want someone to modify, why even show it on the page? You can define the email address to send the emails to within the PHP page by hardcoding it.

[wirehopper]

<input type="text" name="email" size=40 value="someone@domain.com" />Your form is going to get abused by spammers.Add some CAPTCHA or other protection.

[niche]

wirehopper, thanks for mentioning CAPTCHA. I've always wondered where the human test was called.Niche

[birbal]

<input type="text" name="email" size=40 value="someone@domain.com" />Your form is going to get abused by spammers.Add some CAPTCHA or other protection.

can any one please tell me what is the other protection rather than captcha?

[Synook]

For example, flood control, so that people from one IP cannot post above a certain rate.

[wirehopper]

You can also add a hidden input - spam bots will usually complete the input, humans won't.

[dileepd26]

Sir, I am new to php coding, by mistake email field is visible to others, i need only 1 id there to receive mail, not blank field, see source code, tell me how to correct it to prevent spammers. We appreciate all positive response. Thank you in advance..

[Synook]

thescientist gave you the answer - just hardcode it into the script that sends the email.

[birbal]

what about using token with form?