I've caught the dreaded spam. Yes it had to happen one day. First I clued up and HTML entitied my stuff. Good start. It still doesn't stop the spam, it just tops XSS. Then I did some hidden fields, one hidden by JS (Jquery to be precise) another by CSS. It might stop some spam, but a lot of spam expects this old fashioned solution. Some can even read JS now-a-days. See xrumer.
Anyway, I noticed that a lot of the spam contains a variety of URLs. I see no reason for any of the customers to be sending me URLs. I think I'd be lenient enough to allow 1 URL, but I'd like to count if there are more and then say... nope you can't be sending me that I get far too many emails.
So I can handle the if statement to stop it sending, but I don't know:
How can I count how many URLs are in each input? I must be Googling the wrong thing because I can't find it but surely this is a common problem?
Thanks in advance,