dragon42tt Posted March 23, 2016

Hi everyone. I read somewhere that Google crawler triggers the contact form to send blank emails. I believe a validation of the fields will stop this from happening, but I couldn't solve this problem to save my life, my php skills are very poor. Here is the code, I hope someone can help, any help is appreciated.

```php
<?php
ob_start();
session_start();
include('class.phpmailer.php');
include('admin/includes/config.php');

$name=isset($_POST['name']) ? addslashes($_POST['name']) : '';
$email=isset($_POST['email']) ? addslashes($_POST['email']) : '';
$phone=isset($_POST['phone']) ? addslashes($_POST['phone']) : '';
$comment=isset($_POST['comment']) ? addslashes($_POST['comment']) : '';

$row=mysql_fetch_array(mysql_query("SELECT * FROM `fds_tbladmin` WHERE `id`='1'"));
$admin_email=$row['email'];

$Subject1 ="Someone Has Contacted You";
$TemplateMessage.="<br/><br />Hi Admin";
$TemplateMessage.="";
$TemplateMessage.="<br><br>";
$TemplateMessage.=" Name :".$name;
$TemplateMessage.="<br><br>";
$TemplateMessage.="Email :".$email;
$TemplateMessage.="<br><br>";
$TemplateMessage.="Phone :".$phone;
$TemplateMessage.="<br><br>";
$TemplateMessage.="Comment :".$comment;
$TemplateMessage.="<br><br><br/>Thanks & Regards<br/>";
$TemplateMessage.="Flash Driving School";
$TemplateMessage.="<br><br><br>This is a post-only mailing. Replies to this message are not monitored or answered.";

$mail1 = new PHPMailer;
$mail1->FromName = "flashdrivingschool.com";
$mail1->From = "info@flashdrivingschool.com";
$mail1->Subject = $Subject1;
$mail1->Body = stripslashes($TemplateMessage);
$mail1->AltBody = stripslashes($TemplateMessage);
$mail1->IsHTML(true);
$mail1->AddAddress($admin_email,"flashdrivingschool.com");//info@salaryleak.com
$mail1->Send();
header('location:thankyou.php');
exit();
?>
```

iarp Posted March 23, 2016

Nowhere in there are you checking to see if nothing was submitted. Typically you'd want to wrap the form processing code in something like

```php
if (isset($_POST['submit']))
```

Which will check to see if the submit button was clicked, at which point you know it's time to process the form. Otherwise it means someone landed on the page somehow and didn't mean to, so there's no reason to run the form processing.

maxxd Posted March 23, 2016

You're not actually validating any of the submitted fields. Just because a value is set in $_POST doesn't mean it's not empty or a blank string, nor does it mean that the field doesn't contain additional mail headers (allowing an unscrupulous user to use your contact form to send spam). I suggest you do some research into data validation, sanitizing, and escaping - it'll make life better for everyone involved.

dragon42tt (Author) Posted March 23, 2016

> You're not actually validating any of the submitted fields. Just because a value is set in $_POST doesn't mean it's not empty or a blank string, nor does it mean that the field doesn't contain additional mail headers (allowing an unscrupulous user to use your contact form to send spam). I suggest you do some research into data validation, sanitizing, and escaping - it'll make life better for everyone involved.

Hi, the website was created by someone else so I have no idea why it was done this way, and also as I mentioned I have no clue about php or any coding, so I don't really understand what you mean. I'm just wondering if there's a simple code I can use to fix this problem. In the meanwhile I will try the "(isset($_POST['submit']))" suggested by iarp above. Thanks.

dragon42tt (Author) Posted March 23, 2016

> Nowhere in there are you checking to see if nothing was submitted. Typically you'd want to wrap the form processing code in something like if (isset($_POST['submit'])) Which will check to see if the submit button was clicked, at which point you know it's time to process the form. Otherwise it means someone landed on the page somehow and didn't mean to, so there's no reason to run the form processing.

Where would I enter that piece of code?

dragon42tt (Author) Posted March 24, 2016

Also, if you check out my website http://wwww.flashdrivingschool.co.uk, if any fields are empty it doesn't allow you to submit anyway, so I guess there is some sort of validation. When one field is left blank and you click submit then the blank field gets highlighted.

Pikachu2000 Posted March 24, 2016

The only validation you have is probably the JavaScript for the form, which is pretty much useless as an actual validation method. Spambots and pretty much anyone who knows how to shut off JavaScript in their browser can easily bypass it. All user input needs to be validated on the server side. Anything on the client side should be considered to be nothing more than a convenience (or inconvenience in some cases) for the user.

dragon42tt (Author) Posted March 25, 2016

> The only validation you have is probably the JavaScript for the form, which is pretty much useless as an actual validation method. Spambots and pretty much anyone who knows how to shut off JavaScript in their browser can easily bypass it. All user input needs to be validated on the server side. Anything on the client side should be considered to be nothing more than a convenience (or inconvenience in some cases) for the user.

I am a beginner so I don't know where to start or what to do. Can you suggest what I could do next to make sure the fields are validated? Thanks

MarkLeci Posted March 26, 2016

The if (isset($_POST['submit'])) would go right above your form processing (which should be at the top of the page code). This is the best solution as iarp mentioned. You would also need { } around your form processing

```php
if (isset($_POST['submit']))
{
    //all your form processing goes here
}
```

benanamen Posted March 26, 2016

> The if (isset($_POST['submit'])) would go right above your form processing (which should be at the top of the page code). This is the best solution as iarp mentioned. You would also need { } around your form processing if (isset($_POST['submit'])) { //all your form processing goes here }

No, this is not the best solution since it will completely fail under certain conditions. You are hoping the name of a button is going to be submitted and it won't always be. The correct method is

```php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
```

dragon42tt (Author) Posted March 28, 2016

> No, this is not the best solution since it will completely fail under certain conditions. You are hoping the name of a button is going to be submitted and it won't always be. The correct method is if ($_SERVER['REQUEST_METHOD'] == 'POST')

Where should I insert that piece of code?

mac_gyver Posted March 28, 2016 (Edited March 28, 2016 by mac_gyver)

if you are at the point of needing someone to tell you where to put lines of code, you are not ready to be doing this. we are not here to spoon-feed you with each piece of information, and where to put it in your code, that you need to know in order to do this.

you need to read up on some basic php information. start with the php.net documentation, 'Getting Started' section and at least the 'Basic syntax' through 'Functions', 'Errors', and 'Predefined Variables' sub-sections of the 'Language Reference' section.

as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form.

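The approach the replies above describe (validate on the server, collect messages in an error array, escape before output), as an added example that is not part of the thread. `validate_contact()`, `build_body()` and the sample submissions are hypothetical, and treating all four fields as required is an assumption based on the form's client-side behaviour described earlier.

```php
<?php
// Added example (not from the thread). validate_contact(), build_body() and
// the sample submissions are hypothetical; field names follow the form above.

// Returns [clean values, errors]; an empty $errors means the data may be used.
function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['name', 'email', 'phone', 'comment'] as $field) {
        // A non-string value (e.g. name[]=x) is treated as missing.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[$field] = ucfirst($field) . ' is required.';
        } elseif ($field !== 'comment' && preg_match('/[\r\n]/', $value)) {
            // Single-line fields never legitimately contain CR/LF; rejecting it
            // keeps the value safe if it is ever placed in a mail header.
            $errors[$field] = ucfirst($field) . ' must be a single line.';
        }
        $clean[$field] = $value;
    }
    if (!isset($errors['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email is not a valid address.';
    }
    return [$clean, $errors];
}

// The mail is sent as HTML, so user text is escaped before it is embedded.
function build_body(array $clean): string
{
    $rows = [];
    foreach ($clean as $field => $value) {
        $rows[] = ucfirst($field) . ': ' . nl2br(htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
    }
    return implode('<br><br>', $rows);
}

// Constructed submissions standing in for $_POST.
$samples = [
    'empty request (crawler)' => [],
    'line break in name'      => ['name' => "Bob\r\nBcc: x@example.test", 'email' => 'bob@example.test',
                                  'phone' => '01234 567890', 'comment' => 'Hello'],
    'valid'                   => ['name' => 'Ann <b>', 'email' => 'ann@example.test',
                                  'phone' => '01234 567890', 'comment' => "Two\nlines"],
];
foreach ($samples as $label => $post) {
    list($clean, $errors) = validate_contact($post);
    echo $label, ' => ', $errors ? implode(' ', $errors) : build_body($clean), PHP_EOL;
}
```

In the contact script the call would sit inside the `$_SERVER['REQUEST_METHOD']` check suggested above, with `$_POST` passed in and `Send()` reached only when `$errors` is empty.
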
dragon42tt (Author) Posted March 28, 2016

> if you are at the point of needing someone to tell you where to put lines of code, you are not ready to be doing this. we are not here to spoon-feed you with each piece of information, and where to put it in your code, that you need to know in order to do this. you need to read up on some basic php information. start with the php.net documentation, 'Getting Started' section and at least the 'Basic syntax' through 'Functions', 'Errors', and 'Predefined Variables' sub-sections of the 'Language Reference' section. as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form.

So I guess you were born with knowledge in coding? Really? Read basic PHP documentation to learn where to put a line of code, are you serious? If you did not want to help then why bother replying, there are people here more than happy to help and I thank them for that, last thing I need is a moaner. What has this world come to, now I can't ask fellow humans for help.

"as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form."

My friend, I don't know zilch about coding, none of this makes sense. I run a business and need some tiny help to help me improve it, you can't expect me to learn all of the above to be able to code one line. Please be realistic.