Geek Culture / PHP form processing help

Author
Message
xplosys
19
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 4th Nov 2009 02:59
I know someone here is a PHP wizard, but I can't remember who it is. I have a small issue with a mail processing script that I use on multiple websites, and could use a little input. Here's what's going on:

Every once in a while I receive an empty contact form email. I just ignored them, as there were very few, but lately some other clients have voiced concern over it thinking that they may be missing a valid request.

The email arrives properly formatted by the script, but the values are empty...

for example... Name:

and there is no name. The value checking is done with JS on the contact page, and you cannot submit the form without filling in the values. I have recently realized that this is happening because people are trying to access the php script directly. When they do, it of course executes instead of displaying, but there are no values to send along.

How can I stop the php script from sending if directly accessed?

Brian.

hyrichter
21
Years of Service
User Offline
Joined: 15th Feb 2004
Location: Arizona
Posted: 4th Nov 2009 03:08 Edited at: 4th Nov 2009 03:08
You could simply check to see if the values are set or not. If the name isn't filled out, just redirect back to the form page:

Something like that should do the trick.

CodeSurge
Version 1.0 finally released! Code your DBP projects in style. (And save the kittens!)
xplosys
19
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 4th Nov 2009 03:20 Edited at: 4th Nov 2009 03:21
hyrichter,

Thank you very much. That works very nicely. Have a great day.

EDIT: Added beer.

Brian.

crispex
17
Years of Service
User Offline
Joined: 22nd Jun 2007
Location:
Posted: 4th Nov 2009 05:07
You can also use JavaScript and AJAX to do this task without having to even refresh, meaning the minute someone hits the button it will check to see if all form fields are filled out. I can make some simple code if you would like.

Temporarily away from the Phoenix Sentry.
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 4th Nov 2009 07:34
If you're only checking if the fields have all been filled out, you don't even need AJAX at all, only JS. If you're trying to validate data against a known source, then you would need AJAX.

xplosys
19
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 4th Nov 2009 14:08
Thanks guys, but the JS validation works just fine and won't allow the user to submit if the fields are not filled. As stated above, the problem was that people were trying to access the PHP script directly (not the form page) by typing its address into the browser, and bypassing the form completely. If your PHP is weak, they can use your code to send emails like a personal mail server. My code was fine and would not allow this, but did execute when accessed.

Anyway, hyrichter's code fixed the problem.

Thanks again.

Brian.

crispex
17
Years of Service
User Offline
Joined: 22nd Jun 2007
Location:
Posted: 4th Nov 2009 14:35
Quote: "If you're only checking if the fields have all been filled out, you don't even need AJAX at all, only JS. If you're trying to validate data against a known source, then you would need AJAX."


Yea, but AJAX makes it all look nice when it does it (such as fading effects). Sorry, I always have to go above and beyond when coding webs.

Temporarily away from the Phoenix Sentry.
Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 4th Nov 2009 16:19
Quote: "Thanks guys, but the JS validation works just fine and won't allow the user to submit if the fields are not filled."


You should *always* have server validation on top of client-side. If the user disables JavaScript then they can get through your form. If you do some PHP validation on top then you have an extra level of security.


Senior Web Developer - Nokia
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 4th Nov 2009 18:31
Not sure a fading effect of the page would have anything to do with ajax. But maybe I just misunderstand what you do.

demons breath
21
Years of Service
User Offline
Joined: 4th Oct 2003
Location: Surrey, UK
Posted: 4th Nov 2009 18:50
Quote: "If your PHP is weak"


Made me smile - Your PHP is strong young Jedi...

"The fools may crash down upon us in thunderous waves, but we shall Jeku slap them back from whence they came"
-BiggAdd Oct 28th 2009
xplosys
19
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 4th Nov 2009 21:15
Quote: " If the user disables JavaScript then they can get through your form."


Thanks. The PHP script is not on the form page.

Brian.

Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 4th Nov 2009 22:34
Quote: "Not sure a fading effect of the page would have anything to do with ajax. But maybe I just misunderstand what you do."


Yah, I was going to say. Libraries like Scriptaculous have built-in effects features, but AJAX is a method of sending and retrieving messages to the server asynchronously and without having to refresh the page. AJAX itself doesn't have anything to do with visual effects.


Senior Web Developer - Nokia
spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 4th Nov 2009 22:48
Like Jeku says you should always do server side validation as well as javascript validation. Lots of users don't have javascript turned on for whatever reason, so they can just go to your form and submit it without filling anything in. There are also LOTS of automated bots out there that crawl websites, put spammy text and web addresses in any form fields and submit the form, all automatically.

Boo!
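
Added example, not code posted by anyone in this thread: one way a PHP mail handler can apply the checks discussed above, combining hyrichter's redirect when the fields are unset with the server-side validation Jeku and spooky recommend. It goes one step further and refuses line breaks in values that reach mail headers, which is what keeps a form handler from being used to address mail to other recipients. The field names, `FORM_PAGE` and the e-mail addresses are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: server-side guard for a contact-form mail handler.
// Field names, FORM_PAGE and the addresses below are assumptions.

const FORM_PAGE = '/contact.html';       // hypothetical URL of the form page
const MAIL_TO   = 'owner@example.com';   // hypothetical fixed recipient

/** Return a list of validation errors; an empty list means the input is usable. */
function validate_contact(array $in): array
{
    $errors = [];
    foreach (['name', 'email', 'message'] as $field) {
        // Missing, non-string (e.g. name[]=x) and whitespace-only values all fail.
        if (!isset($in[$field]) || !is_string($in[$field]) || trim($in[$field]) === '') {
            $errors[] = "$field is required";
        }
    }
    if ($errors) {
        return $errors;
    }
    // CR/LF in a value that ends up in a mail header would let the sender
    // append headers of their own, so such input is refused outright.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $in[$field])) {
            $errors[] = "$field contains a line break";
        }
    }
    if (filter_var(trim($in['email']), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// A direct visit to the script is a GET with no form data: send it back to the form.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || validate_contact($_POST)) {
    header('Location: ' . FORM_PAGE, true, 303);
    exit;
}

$name  = trim($_POST['name']);
$email = trim($_POST['email']);
$body  = "Name: $name\nEmail: $email\n\n" . trim($_POST['message']);

// Recipient and From are fixed; visitor input only reaches Reply-To and the body.
$headers = ['From' => 'webform@example.com', 'Reply-To' => $email];
mail(MAIL_TO, 'Contact form', $body, $headers);
```

Passing the headers as an array requires PHP 7.2 or later.
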
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 5th Nov 2009 10:38
9 times outa 10, form submissions get put into a database. You had better do server-side validation else you're prone to corruptible data, code injection, and possibly page hijacking.

crispex
17
Years of Service
User Offline
Joined: 22nd Jun 2007
Location:
Posted: 5th Nov 2009 22:55
Here, a handy sanitize function that our guys coded for eoCMS.



We are proud to say we and eoCMS have never been hacked. (eoCMS is the content management system we've been working on.)

Temporarily away from the Phoenix Sentry.
