Elemental Posted November 23, 2008 Share Posted November 23, 2008 Hey Folks, Not sure if this is the correct forum for this post, sorry if it's not and please let me know wher it should go.I've been working with a friend, helping him as I'm learning, to put up his site and he sent me the following; he received it as an email from his web based form: Sent_From: Soups_Pageaddress: IsCuMxfJWhgmySwamount: 8city: GKrobVEmhBsxJVgGShbemail: nsiwho@hhtjwy.comfirstName: qjjsybcjlastName: qjjsybcjmessageBox: pyBn9A <a href=\"http://zyjuppuplozo.com/\">zyjuppuplozo</a>, [url=http://eqhiacduldlp.com/]eqhiacduldlp[/url], [link=http://eixdkbtfqkyb.com/]eixdkbtfqkyb[/link], http://wqejnetxelsg.com/state: CTzip: VnEtl The form has an external javascript based validation script that requires the fields to be filled in, and also validates the email.So my question(s):How do I stop garbage like this from getting through?Would one of those graphic validating required fields (I don't know what you call them) help in preventing this from happening?What can I do / need to do, aside from learning more, to help him with this?The website, in case you want to look at the web form, forms are not very pretty, is: http://www.soupkitcheninc.com/contactUs.phpAny suggestions would be great.PeaceElemental Link to comment Share on other sites More sharing options...
Ingolme Posted November 23, 2008 Share Posted November 23, 2008 Use PHP based validation, javascript can be deciphered by robots, or simply ignored.The methods of detecting robots are called CAPTCHA.A simple way to stop a robot is to ask a question that only humans would know. Have several questions that rotate randomly every time you refresh the page so that they can't just get it by testing thousands of random combinations.In order to know which question was asked put a hidden input with the number of the question displayed (All this is done with PHP). On the server side you can compare the answer given by the user to the answer corresponding to the question number. Link to comment Share on other sites More sharing options...
Elemental Posted November 24, 2008 Author Share Posted November 24, 2008 Use PHP based validation, javascript can be deciphered by robots, or simply ignored.The methods of detecting robots are called CAPTCHA.A simple way to stop a robot is to ask a question that only humans would know. Have several questions that rotate randomly every time you refresh the page so that they can't just get it by testing thousands of random combinations.In order to know which question was asked put a hidden input with the number of the question displayed (All this is done with PHP). On the server side you can compare the answer given by the user to the answer corresponding to the question number.Ingolme, Thank you for the reply,Here's the thing, he got help from some that changed the site to PHP, but all that was done, from what I can see, was to change all the HTML ext to PHP.Granted, I don't know squat about PHP but I would think that there would be more than just that. The site is hosted by Godaddy and they have what I gather is a generic PHP form, the forms name and path are on the forms action field with post being the method, would this not be the correct way of doing it?So I take it I would need to learn PHP or find some one that does and place the forms validation on the server side of things?Do you know of any tutorials I can start reading so I can begin to grasp the PHP form validation method you suggested?Would I still use the javascript to locally validate the form or remove it once the PHP is in place?Sorry for all the questions Ingolme, any further help or suggestions would be appreciated.Peace,Elemental Link to comment Share on other sites More sharing options...
Ingolme Posted November 24, 2008 Share Posted November 24, 2008 You can use Javascript to validate the form beforehand, just to not make the user wait as long, but you have to have a PHP one just in case the Javascript fails or they have it disabled.This is W3Schools, the best place to learn the basics is on this website, here's a pointer to the most important part of processing forms in PHP:PHP $_POSTWhile you're at it, if you don't know much about PHP you can look through the rest of the tutorial. You need to know about variables, if() conditions and other things in order to validate forms. Link to comment Share on other sites More sharing options...
Elemental Posted November 24, 2008 Author Share Posted November 24, 2008 You can use Javascript to validate the form beforehand, just to not make the user wait as long, but you have to have a PHP one just in case the Javascript fails or they have it disabled.This is W3Schools, the best place to learn the basics is on this website, here's a pointer to the most important part of processing forms in PHP:PHP $_POSTWhile you're at it, if you don't know much about PHP you can look through the rest of the tutorial. You need to know about variables, if() conditions and other things in order to validate forms.Ingolme, Gracias amigo, much appreciated.Peace,Elemental Link to comment Share on other sites More sharing options...
Jerry62704 Posted December 2, 2008 Share Posted December 2, 2008 http://www.w3schools.com/sitemap.aspFree PHP tutorial. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.