Mailform sends empty mails

[roy0810]

Hello guys,

 

I really hope you can help me out with this annoying problem..

 

On my website I have a simple Mailform.

It works ok.. It sends the input perfectly to my mailbox..

 

BUT,

 

Every now and then.. (once a day) I find a empty form in my mailbox.

Is this the work of a spambot? r is something wrong with my mailform?

 

Really hope you guys can point me in the right direction..

 

Cheers

 

<?php

/* Titel en send to email adres */

$emailTitle = '*****';
$webMaster = 'XXX@XXX.com';

/* Textfield namen */

$naamField = $_POST['naam'];
$bedrijfField = $_POST['bedrijf'];
$emailField = $_POST['email'];
$telefoonField = $_POST['telefoonnummer'];
$opmerkingenField = $_POST['vraag'];

$body = <<<EOD
<br><hr><br>
Naam: $naamField <br>
Bedrijf: $bedrijfField <br>
Email: $emailField <br>
Telefoon: $telefoonField <br>
Opmerkingen en vragen: $opmerkingenField<br>
EOD;

$headers = "From: $emailField\r\n";
$headers = "Content-type: text/html\r\n";
$success = mail($webMaster,$emailTitle,$body,$headers);

$theResults = <<<EOD

 

[Deoctor]

dude is this ur form completely..??

if yes then your are in serious trouble..

 

even if no ones enters anything in the form and click on send it will send mails to you.. this is the reason u are getting blank mails...

r u checking some where abt the blank fields..??

paste the entire code so that we can help you out.

 

[roy0810]

Sorry...

 

This is the HTML that belongs to it.

 

In the head part of the html:

 

<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' is geen geldig email adres.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' mag alleen getallen bevatten.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' invullen aub!\n'; }
    } if (errors) alert('Sorry!\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>

 

The last field of the form looks like this:

 

><label><input name="verzenden" type="submit" id="verzenden" onclick="MM_validateForm('naam','','R','bedrijf','','R','email','','RisEmail','tel','','NisNum','mobiel','','NisNum','vraag','','R');return document.MM_returnValue"  value="Verzenden" />
                 		</label>

[Deoctor]

can u post the entire code of urs...

not the parts

[PFMaBiSmAd]

Your form processing code is NOT even checking if any form was submitted. Every time the page is requested, either by a search engine spider or a spam bot script, it will send an empty email or in the case of a spammer, it will send an email with the data that the spammer posted to your code.

 

At a minimum, you need to check if the submit button is set -

 

if(isset($_POST['verzenden'])){
// your form processing code here...

}

 

Also, your form processing code is not validating any of the form data that reaches the server after it is submitted. Javascript form validation ONLY helps legitimate visitors that actually goto your form page. Search engine spiders and spam bot scripts request your form processing page directly and don't care what you do on your form page. You must validate all external data when it is processed on the server.

[roy0810]

Heey.. thanks for your input!

 

Only problem here is that I'm a really noob with php..

Normally this is not what I do on the websites.. But in this case

i'm stuck with this work..

 

So. Not only I dont have a clue of what your saying and I'm not even aware of

where to put the --issset part your script..

 

Maybe, if you want you can help me more specific.. 

 

 

Cheers

 

 

[Deoctor]

<?php
/* Titel en send to email adres */
$emailTitle = '*****';
$webMaster = 'XXX@XXX.com';
/* Textfield namen */
$naamField = $_POST['naam'];
$bedrijfField = $_POST['bedrijf'];
$emailField = $_POST['email'];
$telefoonField = $_POST['telefoonnummer'];
$opmerkingenField = $_POST['vraag'];
$body = <<<EOD
<br><hr><br>
Naam: $naamField <br>
Bedrijf: $bedrijfField <br>
Email: $emailField <br>
Telefoon: $telefoonField <br>
Opmerkingen en vragen: $opmerkingenField<br>
EOD;
$headers = "From: $emailField\r\n";
$headers = "Content-type: text/html\r\n";
$success = mail($webMaster,$emailTitle,$body,$headers);
$theResults = <<<EOD

 

this one u modify it as

 

<?php
if(isset($_POST['verzenden'])){
/* Titel en send to email adres */
$emailTitle = '*****';
$webMaster = 'XXX@XXX.com';
/* Textfield namen */
$naamField = $_POST['naam'];
$bedrijfField = $_POST['bedrijf'];
$emailField = $_POST['email'];
$telefoonField = $_POST['telefoonnummer'];
$opmerkingenField = $_POST['vraag'];
$body = <<<EOD
<br><hr><br>
Naam: $naamField <br>
Bedrijf: $bedrijfField <br>
Email: $emailField <br>
Telefoon: $telefoonField <br>
Opmerkingen en vragen: $opmerkingenField<br>
EOD;
$headers = "From: $emailField\r\n";
$headers = "Content-type: text/html\r\n";
$success = mail($webMaster,$emailTitle,$body,$headers);
$theResults = <<<EOD
}

[roy0810]

Thank you ....

 

I'll try this and see if it worked!