www.webdeveloper.com
Results 1 to 6 of 6

Thread: Don't send form if field contains a value

Hybrid View

  1. #1
    Join Date
    Jun 2008
    Location
    London
    Posts
    175

    Don't send form if field contains a value

    Hi all, I appreciate that there is information on the web about this but I'm getting confused by the complexity of the PHP scripts (mine are usually simple as below). I'm just looking for a bit of javascript that will prevent a form from being sent if a bot fills in the hidden 'validate' field. Any help is really appreciated as I'm getting a lot of spam at the moment, which I'm told a hidden field will prevent? Thanks guys

    <form name="test" action="process.php" method="post">
    <input name="validate" type="hidden" />
    <input name="name" type="text" />
    <input name="email" type="text" />
    <textarea name="message" cols="" rows=""></textarea>
    <input name="submit" type="submit" value="Submit">
    </form>

    ---------------------
    <process.php>

    $emailSubject = 'Message From Website';
    $webMaster = 'xxx@xxx.com';

    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $body = <<<EOD

    Customer Name: $name <br><br>
    Email Address: $email <br><br>
    Message: $message
    EOD;

    $headers = "From: $email\r\n";
    $headers .= "Content-type: text/html\r\n";
    $string=nl2br($string);
    $success = mail($webMaster, $emailSubject, $body, $headers);

  2. #2
    Join Date
    Mar 2009
    Posts
    507
    Just to make it easier, give your form and hidden input id's, such as 'myForm' and 'isHid'
    After the page is loaded, and not before then, run this:

    Code:
    function setVal(){
       var frm = document.getElementById('myForm');
       frm.onsubmit = function(){
          var val, field = document.getElementById('isHid');
          val = field.value;
          if( val === null || val === undefined || val === ""){
              return true;
          }
          return false;
      }
    }

  3. #3
    Join Date
    Jul 2008
    Location
    urbana, il
    Posts
    2,787
    this should work:
    Code:
    <input name="validate" type="text" style=display:none pattern=""  />
    but, bots don't typically use browsers to do their spamming, they sniff the form and use php or python or whatever to set the fields and make the POST to the action url.

  4. #4
    Join Date
    Jun 2008
    Location
    London
    Posts
    175
    Thanks for the info guys Is there a better way to approach this, while keeping things simple? I'd rather not use a captcha as my form slides in within a fairly small DIV

  5. #5
    Join Date
    Mar 2009
    Posts
    507
    Actually I would do this on the server side. Since real users can't see the "hidden" input, just have the server script reject it if it does indeed have a value other than an empty string.

    But just to be mean, send the bot a message that the registration has been successful. That ought to help pollute their database.

  6. #6
    Join Date
    Jul 2008
    Location
    urbana, il
    Posts
    2,787
    a simple challenge-response works well, since most spammers don't use HTML or JS to send, but only to find server APIs that use form interaction.

    you can set an input to say "5 * 5", and on the client, eval() the input value, and set the value back to the result: 25.
    if the hidden field comes back with anything other than the correct answer, drop it.
    i suggest this math because it's simple to code in a randomized way, and it's simple for the JS to correctly set.
    you can even un-hide the inputs to let folks without JS enable submit (as long as their math skills are even halfway decent).

    if you want to reduce spam, and you are requiring JS to submit (sounds like its going that way), try killing the <form> altogether.
    you can create the same form in the same place with en external javascript that will be skipped over by spambots whole only sniff HTML to find open servers.
    Last edited by rnd me; 03-28-2013 at 04:39 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles