Geek Answers Handbook

I received a blank letter from my comment form on my website

I am new to HTML and php (all).

I got 4 types of fields (comment form):

  • select one from the list (option tags)

  • enter text (e.g. name)

  • Enter your comment (textarea)

  • (check all or one or nothing)

I have Javascript (deny blank name and email address):

<script> function validateForm1() { var x = document.forms["form_contact"]["name"].value; if (x == null || x == "") { alert("Name must be filled out"); return false; } var x = document.forms["form_contact"]["email"].value; if (x == null || x == "") { alert("Email must be filled out"); return false; } } </script>

I have a language field and you select a language from it. I also have a website in three languages, one of which is in English. Those in English have separate php files.

Language field for website:

 <option></option> <option>thai language written in thai and then thai language written in english</option> <option>english language written in thai and then english language written in english</option> <option>mandarin language written in thai and then mandarin language written in english</option>

my php for Thai form (I have a function to search for English words and send English words to my email address, since not everyone can read Thai):

 $language = $_POST['language']; if (strpos($language, 'English')){ $language = "English"; }elseif (strpos($language, 'Chinese')){ $language = "Chinese"; }else{ $language = "Thai"; }

As you may have noticed that a person does not choose a language, he will be Thai because of the if function.

I tested comment forms in the past and they worked. Recently, I began to receive emails that are almost empty or completely empty. Typically, 2 emails (the type of email I just mentioned) will arrive simultaneously.

What do these emails have in common:

  • the flag was never pressed

  • where u can enter words to fill always blank

  • only 2 things you can see are two selection fields selected at the same time during the same presentation, and then the second feed I received will be an email, even if no choices are made.

Things I don't understand:

  • I have a java script to not have anything in the email and name fields, but for some reason, emails are still sent to me with an empty name and email?

  • Why do these letters arrive at the same time?

  • should not be the language associated with the if function, but I would accept it because in my English php form it does not have an if function (I forgot to put it) and therefore emails called aren 't from the same form. Probably one of the English form and one of the Chinese form at the same time.

  • Is this some kind of bot? spam? or is Google checking my site?

+5
source share
2 answers

This particular request was with a browser that has Javascript disabled, and all of your checks are client-side Javascript only, so the blank form was submitted just fine. Plain!

Your answer to all 4 questions is to also add server side validation (in this case PHP)

for instance

 if(empty($_POST["name"])) { die("You did not enter a name, we can not send email"); }

Same for other fields

Once you do this, you will notice that bots can still submit your form sometimes with SPAM / fake information (although the problem with empty information will be resolved). At this point, please find something known as CAPTCHA

Consider checking server / client side as Gaurd at the beginning of your street and in your main castle. Just because there is usually a security guard on your entrance street, you cannot leave your door open all the time, thinking about its security. You have to make sure that only the right people will enter your house at your door, regardless of this guard.

+5
source

this code can be used more specifically if you avoid a space in the post value and then use the trim function

 if(empty(trim($_POST["name"]))) { echo 'Please enter your name'; die(); }
0
source

More articles:


All Articles