Receiving unfilled contact forms by email

Problem description:

So in the last 2 months that my website has been online, I have received 2 normal emails from my contact form and like 30 empty, unfilled form emails. I also use the validator http://faireware.de/js/jquery.form-validation-and-hints.js. The weird thing is that I don't get these empty form emails when I, i.e., don't fill in a form and press send. It happens automatically somehow... spam bots or something, could it be?

My HTML code is:

<form method="post" action="contactengine.php">

  <div class="field required">
    <p>Name<br>
    <input class="text verifyText hint" name="name" type="text" size="25" title="*Ihr Name..."></p>
  </div><!--/field--> 

  <div class="field required ">
    <p>E-Mail<br>
    <input class="email verifyMail hint " name="email" type="text" size="25" title="*Ihre E-Mail-Adresse..."></p>
    </div><!--/field-->

    <div class="field required ">
      <p>Nachricht<br>
      <textarea name="message" rows="50" cols="50" title="*Schreiben Sie Ihre Nachricht..." class="hint "></textarea></p>
    </div><!--/field-->
  <p><input class="submit" type="submit" value="Senden"></p>
</form>

and my contactengine.php is:

<?php

$Subject = "Kontaktformular - FaireWare";
$Name = Trim(stripslashes($_POST['name'])); 
$Email = Trim(stripslashes($_POST['email'])); 
$Message = Trim(stripslashes($_POST['message'])); 
$EmailFrom = $Email;
$EmailTo = "info@faireware.de";

// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
  exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n\n";
$Body .= "E-Mail: ";
$Body .= $Email;
$Body .= "\n\n";
$Body .= "Nachricht: ";
$Body .= "\n";
$Body .= $Message;
$Body .= "\n\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: $Email");

// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.html\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>

And the empty email forms do come like this:

Name: 

E-Mail: 

Nachricht:

Does it do it automatically, and how can it surpass validation...? I don't know PHP and very little Java, so does anyone have any idea where the problem could be?

Thank you!

You can try this; I have modified your code with basic server-side validations.

<?php
// Only run when the request actually carries POST data.
if (count($_POST) > 0)
{
    $Subject = "Kontaktformular - FaireWare";
    // Missing fields default to '' so a partial POST cannot raise undefined-index notices.
    $Name = trim(stripslashes($_POST['name'] ?? ''));
    // Strip CR/LF so the address cannot add extra lines to the From header.
    $Email = str_replace(array("\r", "\n"), '', trim(stripslashes($_POST['email'] ?? '')));
    $Message = trim(stripslashes($_POST['message'] ?? ''));
    $EmailTo = "info@faireware.de";

    // Server-side validation: every field must be non-empty.
    $validationOK = true;
    if (empty($Name) || empty($Email) || empty($Message)) {
        $validationOK = false;
    }

    if (!$validationOK) {
        print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
        exit;
    }
    else
    {
        // prepare email body text
        $Body = "";
        $Body .= "Name: ";
        $Body .= $Name;
        $Body .= "\n\n";
        $Body .= "E-Mail: ";
        $Body .= $Email;
        $Body .= "\n\n";
        $Body .= "Nachricht: ";
        $Body .= "\n";
        $Body .= $Message;
        $Body .= "\n\n";
        // Double quotes so that $Email is interpolated into the header.
        $headers = "From: $Email\r\n";

        // send email
        $success = mail($EmailTo, $Subject, $Body, $headers);

        // redirect to success page
        if ($success) {
            print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.html\">";
        }
        else {
            print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
        }
    }
}
?>

What have I changed?

Added a starting check that the $_POST array count is not 0, and then added basic validation with empty(). If any one field is empty, the email will not be sent; otherwise you will get the email.

Try to update your server-side code to be unbreakable to avoid spam. Here are some suggestions.

  1. Google reCAPTCHA
  2. Honeypot Technique

Also do a server-side isset check.

if(isset($_POST['name'])){
 // Save the data or do the further processing
}

Suggestion: Do not depend on client-side validations when developing secure applications.
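
The suggestions from the answers above (server-side isset checks, a honeypot field, no reliance on client-side validation) combined into one handler, as an added example that is not part of the original question or answers. The decoy field name "website" is an assumption: the form would need a matching text input, hidden from visitors with CSS.

```php
<?php
// Added example, not the original poster's or the answerers' code.
// Assumption: the form contains an extra decoy input named "website"
// (hypothetical name), hidden from human visitors with CSS.
function validate_contact(array $post): array
{
    $data = [];
    // Bots often POST straight to the script, so a key may be missing entirely.
    foreach (['name', 'email', 'message', 'website'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return [false, "missing field: $key"];
        }
        $data[$key] = trim($post[$key]);
    }
    // Honeypot: a real browser submits the decoy empty; form-filling bots do not.
    if ($data['website'] !== '') {
        return [false, 'honeypot filled'];
    }
    if ($data['name'] === '' || $data['message'] === '') {
        return [false, 'empty field'];
    }
    // Rejects malformed addresses, including any that contain line breaks,
    // so the value can be placed in the From header.
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'invalid email'];
    }
    return [true, $data];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions, for running this file from the command line.
    $samples = [
        'direct POST, no fields' => [],
        'all fields empty'       => ['name' => '', 'email' => '', 'message' => '', 'website' => ''],
        'decoy filled'           => ['name' => 'x', 'email' => 'x@example.com', 'message' => 'x', 'website' => 'http://example.com'],
        'genuine visitor'        => ['name' => 'Anna', 'email' => 'anna@example.com', 'message' => 'Hallo', 'website' => ''],
    ];
    foreach ($samples as $label => $post) {
        [$ok, $info] = validate_contact($post);
        echo $label, ': ', $ok ? 'accepted' : "rejected ($info)", "\n";
    }
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$ok, $data] = validate_contact($_POST);
    if ($ok) {
        $body = "Name: {$data['name']}\n\nE-Mail: {$data['email']}\n\nNachricht:\n{$data['message']}\n\n";
        $ok = mail('info@faireware.de', 'Kontaktformular - FaireWare', $body, "From: {$data['email']}");
    }
    header('Location: ' . ($ok ? 'contactthanks.html' : 'error.htm'));
}
```

Run from the command line, the script prints an accept or reject decision for each constructed sample; served by the web server, it mails only submissions that pass every check.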