The contact form on my website keeps sending me blank emails!

[dragon42tt]

Hi everyone.

I read somewhere that Google crawler triggers the contact form to send blank emails.

I believe a validation of the fields will stop this from happening, but I couldn't solve this problem to save my life, my php skills are very poor.

Here is the code, I hope someone can help, any help is appreciated.
 

 

<?php 
ob_start(); 
session_start(); 
include('class.phpmailer.php'); 
include('admin/includes/config.php'); 
    $name=isset($_POST['name']) ? addslashes($_POST['name']) : ''; 
    $email=isset($_POST['email']) ? addslashes($_POST['email']) : ''; 
    $phone=isset($_POST['phone']) ? addslashes($_POST['phone']) : ''; 
    $comment=isset($_POST['comment']) ? addslashes($_POST['comment']) : ''; 
     
        $row=mysql_fetch_array(mysql_query("SELECT * FROM `fds_tbladmin` WHERE `id`='1'")); 

     
    $admin_email=$row['email']; 
     
        $Subject1 ="Someone Has Contacted You"; 
         
        $TemplateMessage.="<br/><br />Hi Admin"; 
         
        $TemplateMessage.=""; 
         
        $TemplateMessage.="<br><br>"; 
        $TemplateMessage.=" Name :".$name; 
         

        $TemplateMessage.="<br><br>"; 
        $TemplateMessage.="Email :".$email; 

        $TemplateMessage.="<br><br>"; 
        $TemplateMessage.="Phone :".$phone; 

         
        $TemplateMessage.="<br><br>"; 
        $TemplateMessage.="Comment :".$comment; 
         
        $TemplateMessage.="<br><br><br/>Thanks & Regards<br/>"; 
         
        $TemplateMessage.="Flash Driving School"; 
         
        $TemplateMessage.="<br><br><br>This is a post-only mailing.  Replies to this message are not monitored 
        or answered."; 
         
        $mail1 = new PHPMailer; 
         
        $mail1->FromName = "flashdrivingschool.com"; 
         
        $mail1->From    = "info@flashdrivingschool.com"; 
         
        $mail1->Subject = $Subject1; 
         
        $mail1->Body    = stripslashes($TemplateMessage); 
         
        $mail1->AltBody = stripslashes($TemplateMessage); 
         
        $mail1->IsHTML(true); 
         
        $mail1->AddAddress($admin_email,"flashdrivingschool.com");//info@salaryleak.com 
         
        $mail1->Send(); 
         

 header('location:thankyou.php'); 
 exit(); 


?>

 

[iarp]

Nowhere in there are you checking to see if nothing was submitted. Typically you'd want to wrap the form processing code in something like 

 

if (isset($_POST['submit']))

 

Which will check to see if the submit button was clicked, at which point you know it's time to process the form. Otherwise it means someone landed on the page somehow and didn't mean to, so there's no reason to run the form processing.

[maxxd]

You're not actually validating any of the submitted fields. Just because a value is set in $_POST doesn't mean it's not empty or a blank string, nor does it mean that the field doesn't contain additional mail headers (allowing an unscrupulous user to use your contact form the send spam). I suggest you do some research into data validation, sanitizing, and escaping - it'll make life better for everyone involved.

[dragon42tt]

You're not actually validating any of the submitted fields. Just because a value is set in $_POST doesn't mean it's not empty or a blank string, nor does it mean that the field doesn't contain additional mail headers (allowing an unscrupulous user to use your contact form the send spam). I suggest you do some research into data validation, sanitizing, and escaping - it'll make life better for everyone involved.

Hi,

 

The website was created by someone else so I have no idea why it was done this way, and also as I mentioned I have no clue about php or any coding, so I don't really understand what you mean, I'm just wondering if there's a simple code I can use to fix this problem, In the meanwhile I will try the "(isset($_POST['submit']))" suggested by iarp above.

 

Thanks.

[dragon42tt]

Nowhere in there are you checking to see if nothing was submitted. Typically you'd want to wrap the form processing code in something like 

 

if (isset($_POST['submit']))

 

Which will check to see if the submit button was clicked, at which point you know it's time to process the form. Otherwise it means someone landed on the page somehow and didn't mean to, so there's no reason to run the form processing.

Where would I enter that piece of code ? 

[dragon42tt]

Also if you check out my website http://wwww.flashdrivingschool.co.uk if any fields are empty it doesn't allow you to submit anyway, so I guess there is some sort of validation, when one field is left blank and you click submit then the blank field gets highlighted.

[Pikachu2000]

The only validation you have is probably the Javascript for the form, which is pretty much useless as an actual validation method. Spambots and pretty much anyone who knows how to shut off Javascript in their browser can easily bypass it. All user input needs to be validated on the server side. Anything on the client side should be considered to be nothing more than a convenience (or inconvenience in some cases) for the user.

[dragon42tt]

The only validation you have is probably the Javascript for the form, which is pretty much useless as an actual validation method. Spambots and pretty much anyone who knows how to shut off Javascript in their browser can easily bypass it. All user input needs to be validated on the server side. Anything on the client side should be considered to be nothing more than a convenience (or inconvenience in some cases) for the user.

 

I am a beginner so I don't know where to start or what to do ? can you suggest what I could do next to make sure the fields are validated?

 

Thanks

[MarkLeci]

The 

if (isset($_POST['submit']))

would go right above your form processing (which should be at the top of the page code). This is the best solution as iarp mentioned. You would also need { } around your form processing

if (isset($_POST['submit']))
{
//all your form processing goes here

}

[benanamen]

 

The 

if (isset($_POST['submit']))

would go right above your form processing (which should be at the top of the page code). This is the best solution as iarp mentioned. You would also need { } around your form processing

if (isset($_POST['submit']))
{
//all your form processing goes here

}

 

 

No, this is not the best solution since it will completely fail under certain conditions. You are hoping the name of a button is going to be submitted and it wont always be.

 

The correct method is 

if ($_SERVER['REQUEST_METHOD'] == 'POST')

[dragon42tt]

 

No, this is not the best solution since it will completely fail under certain conditions. You are hoping the name of a button is going to be submitted and it wont always be.

 

The correct method is 

if ($_SERVER['REQUEST_METHOD'] == 'POST')

Where should I insert that piece of code ?

[mac_gyver]

if you are at the point of needing someone to tell you where to put lines of code, you are not ready to be doing this. we are not here to spoon-feed you with each piece of information, and where to put it in your code, that you need to know in order to do this.

 

you need to read up on some basic php information. start with the php.net documentation, 'Getting Started' section and at least the 'Basic syntax' through 'Functions', 'Errors', and 'Predefined Variables' sub-sections of the 'Language Reference' section.

 

as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form. 

Edited March 28, 2016 by mac_gyver

[dragon42tt]

if you are at the point of needing someone to tell you where to put lines of code, you are not ready to be doing this. we are not here to spoon-feed you with each piece of information, and where to put it in your code, that you need to know in order to do this.

 

you need to read up on some basic php information. start with the php.net documentation, 'Getting Started' section and at least the 'Basic syntax' through 'Functions', 'Errors', and 'Predefined Variables' sub-sections of the 'Language Reference' section.

 

as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form. 

So I guess you was born with knowledge in coding ?

 

Really ? Read basic PHP documentation to learn where to put a line of code, are you serious? 

 

If you did not want to help then why bother replying, there are people here more than happy to help and I thank them for that, last thing I need is a moaner.

 

What has this world come to, now I can't ask fellow humans for help.

 

"as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form. "

 

My friend I don't know zilch about coding, none of this makes sense, I run a business and need some tiny help to help me improve it, you can't expect me to learn all of the above to be able to code one line. Please be realistic.