By-passing required form fields?

General PHP Help
#1

Hello All.

I have an online application form on the site. Coded in a mix of php, html, and java. Most of the input fields are required and validated. The application cannot be submitted unless all required fields have inputs AND at least 4 images are attached to the form. I test it on the site and its working properly. i.e. if you leave a required field empty and/or do not attach 4 images you get the error message popup and the form does not submit.

Problem is, some spammer is bypassing the validations on the page and is able to submit the form with empty fields and with no images attached. I have no idea how they are able to do this. Anyone have any ideas how that’s possible? How to stop it? Any help would be appreciated.

Thanks,
Peter

#2

If you want a proper answer, post your code

#3

Are you doing client and server side validation? It isn’t difficult to turn a required field into non anymore than it is to turn a radio button into a text field.

#4

It is possible to do so if your validating with javascript but if your using php he shouldn’t be able to unless there is an issue with your code.

#5

You can’t see it, but its passing all that information through the url, so if the supposive spammer knows what’s being passed to the php, then its easy to bypass the javascript. Whatever validation you do with js needs to also be done with php. You may also choose to insert a hidden field with a stop check. If that field isn’t passed, then invalidate all the other fields.

You could also use some kind of human verification like recaptcha or create your own.

#6

You also can put a security token (open ssl) in a hidden field to prevent spammers…just a thought. That way it would require a user to be logged into an account. 8) LOL - Nevermind I didn’t read the whole OP question first…oops ;D

Sponsor our Newsletter | Privacy Policy | Terms of Service