
Thread: Form validation when javascript is disabled

  1. #1
    Join Date
    Feb 2014
    Posts
    16

    Form validation when javascript is disabled

    Hey,

    Just wondering if anyone can help me with form validation when Javascript is disabled?

    HTML Code:
    <div class="form">
    
    
        <!-- Form Code Start -->
        <form class="contactForm" method="post" action="contact-form-mailer.php">    
    
          <fieldset>
            <div class="details details-left">
                <label for="Name">Name *</label>
                <input class="validate[required,length[0,100]] text-input" type="text" name="Name" id="Name" />
            </div>
    
            <div class="details">
                <label for="Email">Email *</label>
                <input class="validate[required,custom[email]] text-input" type="email" name="Email" id="Email"/>
            </div>
    
            <div class="details details-left">
                <label for="Telephone">Phone *</label>
                <input class="validate[required,custom[telephone]] text-input" type="text" name="Telephone" id="Telephone" />
            </div>
    
            <div class="details">
                <label for="Subject">Message Title:</label>
                <input type="text" name="Subject" id="Subject" />
            </div>
          </fieldset>
    
          <fieldset>
            <div class="message">
                <label for="Enquiry">Message:</label>
                <textarea rows="10" cols="50" class="validate[required,length[1,1000]] text-input" name="Enquiry" id="Enquiry"></textarea>
            </div>
          </fieldset>
    
          <fieldset>
                <input class="submit" name="submit" type="submit" value="Submit"/>
          </fieldset>
    
        </form>
    </div>

    PHP Code:
    <?php
    // Initialise the content string

    // Run only when the form's submit button was posted
    if (isset($_POST['submit'])) {

        // Values are taken from the request exactly as submitted
        $Name = $_POST['Name'];
        $Email = $_POST['Email'];
        $Telephone = $_POST['Telephone'];
        $Subject = $_POST['Subject'];
        $Enquiry = $_POST['Enquiry'];

        $to = "info@beckybramwell.com"; // your own E-mail address
        $subject = "Website - Enquiry";

        $mailContent = "Name: $Name\n" . "Email: $Email\n" . "Telephone: $Telephone\n" . "Subject: $Subject\n" . "Message: $Enquiry";

        $subject2 = "Thanks for your message";
        $respondmailContent = "Thank you for getting in touch! I will respond to your message as soon as possible. If you wish for a faster response, call me on 07512 585 349.";

        // Headers for the enquiry mail; the submitted address goes into From and Reply-To
        $headers = "From: $Email" . "\r\n" .
            "Reply-To: $Email" . "\r\n" .
            "X-Mailer: PHP/" . phpversion();

        // Headers for the automatic reply to the visitor
        $headers2 = "From: info@beckybramwell.com" . "\r\n" .
            "Reply-To: info@beckybramwell.com" . "\r\n" .
            "X-Mailer: PHP/" . phpversion();

        mail($to, $subject, $mailContent, $headers);
        mail($Email, $subject2, $respondmailContent, $headers2);

        header('Location: thankyou.php');
        exit();
    }

    ?>


    Thanks in advance!

  2. #2
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,213
    You would be better off asking in the PHP forum.

    To be quick, you need a function that will sanitize your inputs into a variable that you can then refer to, knowing that the data in the variable is safe.

    For example...
    PHP Code:
    function sanitize($variable){
        // do some sanitizing, only one option here to demonstrate...
        $variable = stripslashes($variable); // strip slashes from data
        return $variable;
    }

    // The keys are the fields the form is expected to send
    $safePOST = array("Name"=>"","Email"=>"","Telephone"=>"","Subject"=>"","Enquiry"=>"");
    foreach($safePOST as $key=>$c){
        // false marks a field that was not submitted
        $safePOST[$key] = isset($_POST[$key]) ? sanitize($_POST[$key]) : false;
    }

    The safePOST array will contain data that is safe to use and it also acts like a whitelist of what fields you are expecting.

    You will need to sort out what you want to do in the sanitize array to suit your needs, as well as control for what you want to do if a field fails any validation you will be using.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?
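
The whitelist idea from the reply above, carried through to per-field validation for this form, as an added example that is not code from the thread. The function name `validate_contact`, the phone pattern and the Subject limit are assumptions; the Name and Enquiry limits mirror the form's `validate[...]` classes.

```php
<?php
// Added example, not the thread's code. Length limits mirror the form's
// validate[...] classes; the phone pattern and Subject limit are assumptions.
function validate_contact(array $post): array
{
    $fields = ['Name', 'Email', 'Telephone', 'Subject', 'Enquiry']; // whitelist
    $clean  = [];
    $errors = [];
    foreach ($fields as $key) {
        // Missing keys and non-string values (e.g. Name[]=x) become ''.
        $value = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        // Only the message may contain line breaks. Email is later placed in
        // mail headers, where a CR/LF would start a new header line.
        if ($key !== 'Enquiry' && preg_match('/[\r\n]/', $value)) {
            $errors[$key] = "$key must not contain line breaks.";
            $value = '';
        }
        $clean[$key] = $value;
    }
    if ($clean['Name'] === '' || strlen($clean['Name']) > 100) {
        $errors['Name'] ??= 'Name is required (max 100 bytes).';
    }
    if (filter_var($clean['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] ??= 'A valid email address is required.';
    }
    if (!preg_match('/^\+?[0-9 ()-]{6,20}$/', $clean['Telephone'])) {
        $errors['Telephone'] ??= 'A valid phone number is required.';
    }
    if (strlen($clean['Subject']) > 100) {
        $errors['Subject'] ??= 'Subject is too long.';
    }
    $length = strlen($clean['Enquiry']);
    if ($length < 1 || $length > 1000) {
        $errors['Enquiry'] ??= 'Message must be 1 to 1000 bytes long.';
    }
    return [$clean, $errors];
}

// Constructed sample input: the Email value tries to add a Bcc header.
[$clean, $errors] = validate_contact([
    'Name'      => 'Alice Example',
    'Email'     => "alice@example.com\r\nBcc: someone@example.net",
    'Telephone' => '01234 567890',
    'Enquiry'   => 'Hello, I would like a quote.',
]);
print_r($errors);   // lists the fields that failed
```

In the mailer script, call `mail()` only when `$errors` is empty and build the message and headers from `$clean`, never from `$_POST`; otherwise redisplay the form with the error messages.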

  3. #3
    Join Date
    Feb 2014
    Posts
    16
    Brilliant, thanks! I'll give this a go when I get chance

  4. #4
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,213
    That's OK, as long as you understand that it is just a rough idea. You do need to add some form of security to the sanitize function, and you do need to do a bit more than just blindly accept a form.

    I suggest that you add a check to ensure that your script received the form and the script is not processing push data from a web bot or a brute force attempt to find a weakness.

    I also suggest that you have a couple of hidden fields that are something like

    HTML Code:
    <input type="hidden" name="login" value="" readonly />
    <input type="hidden" name="pass" value="" readonly />
    which you also check. A web bot is not interested in whether a field is hidden or readonly or not; it will see the names login and pass and it will be programmed to assume that they are what they say they are (a bit like a honey trap), and you can check that the fields are also present and also empty!!! If they are not, then you know something is wrong and your script could then reject the submission.

    I also advise that when you detect anything hinky going on, your script monitors the IP address, and that part of your checks is to see whether you have logged the IP address and the number of attempts. If they are persistent, then your script does not process but dumps the user at an empty page.

    I had a web login page that would accept any login attempt. It recorded the user's IP address and simply left the user at a page thanking them for logging in. A legitimate user would then know where to go, whereas anyone else would be left scratching their heads, or if they were a bot then it would be apparent from the number of attempts in a specific time and all they would get is a blank screen treatment.

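The checks suggested in the last reply (request method, the empty `login`/`pass` trap fields, and a per-address count of rejected attempts) put together as an added example that is not code from the thread. The function names, the JSON log file, the 10-minute window and the limit of 5 are assumptions.

```php
<?php
// Added example, not the thread's code. Log file, window and limit are assumptions.
const WINDOW = 600; // seconds of history that count against an address
const LIMIT  = 5;   // rejections inside the window before the blank-page treatment

function honeypot_tripped(array $post): bool
{
    // A browser submits both hidden fields, empty. Missing or filled means
    // something other than the real form produced this request.
    foreach (['login', 'pass'] as $trap) {
        if (!isset($post[$trap]) || $post[$trap] !== '') {
            return true;
        }
    }
    return false;
}

function gate_submission(array $server, array $post, string $file): string
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'reject';
    }
    $ip  = $server['REMOTE_ADDR'] ?? 'unknown';
    $now = time();
    $log = is_file($file) ? json_decode((string) file_get_contents($file), true) : [];
    $log = is_array($log) ? $log : [];
    // Keep only this address's rejections that fall inside the window.
    $recent = array_values(array_filter($log[$ip] ?? [], fn($t) => $t > $now - WINDOW));
    if (count($recent) >= LIMIT) {
        return 'blank';   // persistent: serve an empty page, process nothing
    }
    if (honeypot_tripped($post)) {
        $recent[] = $now;
        $log[$ip] = $recent;
        // Read-modify-write is not atomic; adequate for a low-traffic contact form.
        file_put_contents($file, json_encode($log), LOCK_EX);
        return 'reject';
    }
    return 'process';
}

// Constructed demo: six submissions from one address with the trap fields filled.
$file = sys_get_temp_dir() . '/contact-rejections-demo.json';
@unlink($file);
$server = ['REQUEST_METHOD' => 'POST', 'REMOTE_ADDR' => '203.0.113.7'];
for ($i = 1; $i <= 6; $i++) {
    echo $i, ': ', gate_submission($server, ['login' => 'admin', 'pass' => 'x'], $file), "\n";
}
```

In the mailer script, pass `$_SERVER` and `$_POST` and keep the log file outside the web root; behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the count would be shared by every visitor.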