Protecting Email Addresses using php ORD()

Unless you just love getting a ton of spam messages – you will want to ensure that your e-mail address is always protected as much as possible when displaying it online.  There are no 100% full proof ways – but doing simple precautions can be very helpful.

One of the strongest ways to protect email addresses is to simply not put them on a website.  When your users need to contact you include a form that processes the contact request on the backend server.  There are times however when you want to put your email on your site.  Doing it in the most secure fashion while still making it easy for humans to read can often be a challenge.

Below is a script that uses the PHP function ORD() to grab the ASCII value of a text character and render that instead of the actual string.  During rendering the browser does the translating which means that text scraping scripts only get the ASCII value and not the real email address.  ORD() is in essence the opposite of CHR().  ORD() converts a character to an ASCII number while CHR() converts an ASCII number to a character.

function protectEmail($email){
  $output = '';
  $link = 'mailto:'.$email;
  for($i=0; $i

Let’s see what happens when we pass the e-mail “” through the function.  Character by character the text string get’s replaced with an ASCII number representation.  The result ends up being:


The browser sees this text and properly displays it as “”.   When email harvesters run their scripts they will only see the garbled text above.  Generally their scripts are designed to look for the “@” symbol and grab the text found in the near vicinity.  With that symbol now gone it greatly reduces the risk of our email address getting harvested for spam collection.


Posted in , and tagged , .

Leave a Reply

Your email address will not be published. Required fields are marked *