Jump to content

[SOLVED] Form robots/bots disturbing me! How to prevent ?

plodos

By plodos
in PHP Coding Help

 Share

Recommended Posts

plodos Regular Member

plodos

Posted
Posted 

<?php
include("dbconfig.php");

if(empty($_REQUEST['title']) && empty($_REQUEST['name']) && empty($_REQUEST['surname']) && 
empty($_POST['email']) && empty($_POST['country']) && empty($_POST['university']) && empty($_POST['university_dept']) &&
empty($_POST['phone']) && empty($_POST['committee']) && empty($_POST['research']) && empty($_POST['address']))
{
header("Location: /committee.html");
exit();
}
else {

	if(isset($_POST['Submit'])) {

	$title=trim(mysql_real_escape_string($_POST['title']));
	$name =trim(mysql_real_escape_string($_POST['name']));
	$surname = trim(mysql_real_escape_string($_POST['surname']));
	$email = trim(mysql_real_escape_string($_POST['email']));
	$country = trim(mysql_real_escape_string($_POST['country']));
	$university = trim(mysql_real_escape_string($_POST['university']));
	$university_dept = trim(mysql_real_escape_string($_POST['university_dept']));
	$phone=mysql_real_escape_string($_POST['phone']); 
	$fax = mysql_real_escape_string($_POST['fax']);
	$committee = trim(mysql_real_escape_string($_POST['committee']));
	$research = trim(mysql_real_escape_string($_POST['research']));
	$address = trim(mysql_real_escape_string($_POST['address']));
	$date = date("Y-m-d H:m:s");



	$sql = mysql_query("SELECT * FROM person WHERE email='$email'");
	if(mysql_num_rows($sql) < 1){

                 $add_person= mysql_query(" INSERT INTO person (title,fname,lname,email,country,university,university_dept,phone,fax,research_field,address,date,committee_no) VALUES ('$title','$name','$surname','$email','$country','$university','$university_dept','$phone','$fax','$research','$address','$date','$committee')  "); 

                 if($add_person)
                 {
                    if($committee=="1")
                    {
                    header("Location: /NaturalandAppliedSciences.php");
                    }
                    
                     if($committee=="2")
                    {
                    header("Location: /HealthandMedicalSciences.php");
                    }
                    
                     if($committee=="3")
                    {
                    header("Location: /HumanitiesandSocialSciences.php");
                    }
                 }
        }
        else
	{
		echo "<p>Error : The email address [$email] already exists in our database. Thank you for your registration.</p>";
	}
}
}
?>

that script is adding the from variables in the database.

but there are lots of fake records in my database.

im using javascript for form validation.

 

how can I prevent form bots?

 

country commitee  title variables coming from the combobox

others from textbox

 

for ex. entities

 	
name = bqnomuv  	
surname = bqnomuv  	
....and aothers....
emkoln@nxqsvs.com  	
MA  	
kpIzfkAVPJKuX  	
wtkuGsbQ  	
723235174  	
htdZUFcoeEkaWa  	
p2La3W  <a href=\"http://nriakpmproxe.com/\">nriak...  	
p2La3W  <a href=\"http://nriakpmproxe.com/\">nriak...  	
2009-01-02 19:01:18 

GingerRobot Regular Member

GingerRobot

Posted
Posted

1.) im using javascript for form validation.

 

Solely relying on javascript for form validation is always a bad idea. What about users who turn it off? You should always back up client side validation which may be done to improve the user experience with server side validation.

 

2.) To prevent bots, you could use a captcha. You'll find plenty of tutorials or existing scripts if you google. Alternatively, you could set a hidden field in your page. Users will never see it and thus wont fill it in. The majority of bots wouldn't realise it was hidden so will fill it in. You can then set up your script to only process the rest of the form if this field isn't filled in.

 

You could also check the user agent data.  But that will only slightly help.

 

Or probably not at all. I can't imagine too many bots being sent out with a spurious user agent being specified.

flyhoney Member

flyhoney

Posted
Posted

You add an empty hidden form field, and most likely the BOT will fill it with some value.  So check the form field in the PHP code for a value, and you know it was a bot.

 

But, it is probably better to hide the form field with CSS instead of making it type="hidden".

revraz Member

revraz

Posted
Posted

It won't take anytime at all.  Just change it to .php and then add whatever php code you want.  You don't have to recode any of the HTML.

 

50% of website has HTML pages , if I change .html to .php it will take lots of time

 

at first I will try to put a hidden field :s if it is not work i try to use captcha

 

thnx for everything!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.