Hello,
I have a contact form where most of the fields are required. When I go to the form and don't fill something out, I am prompt to fill in the required fields which is what I want. But every once in awhile I will get an email from that form that is completely blank. How does this happen and how can I make it stop? Any suggestions please. I used the phpformgenerator. Thanks!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have recenty experienced this same problem. With mine I am getting a completely blank form and at the same time one which has junk entered, the sort of thing you would expect from a phishing mail program, strangely the most importent part, submitters email address ( a required field) is the only blank part, the rest is a jumble of letters and numbers. I am concerned that my form is being hijacked by spammers. I moved to php away from perl for this very reason.
Anyone got a fix?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There are solutions to all problems, but the root cause must be understood first.
In the case were emails come back empty it is likely that someone, either intentionally or not, pointed their browser to the process.php file all by itself rather than going through the form. It is also possible that someone tried to spam the form with some form of executable code but since teh code was not recognised as form field responses the message comes back blank.
I am guessing here but these are two possible causes for this issue. There are ways to avoid most all attempts to abuse your form but since this is a free program the security is left to the user. In most cases these security measures are not required. I use many forms created using this utility without the need for modifications.
Some things to consider:
Add additional syntax checking to the form entry.
Add additional syntax checking in the process.php file.
Add a REFERRER variable check in the process.php file to ensure that the form.html file is the source of form field entry.
Add some additional blank or other syntax checking prior to sending the mail message.
All of these are relatively easy to implement, but again, the usefullness of any or all depend on the root cause of the problem you are trying to solve.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I have a contact form where most of the fields are required. When I go to the form and don't fill something out, I am prompt to fill in the required fields which is what I want. But every once in awhile I will get an email from that form that is completely blank. How does this happen and how can I make it stop? Any suggestions please. I used the phpformgenerator. Thanks!
I have recenty experienced this same problem. With mine I am getting a completely blank form and at the same time one which has junk entered, the sort of thing you would expect from a phishing mail program, strangely the most importent part, submitters email address ( a required field) is the only blank part, the rest is a jumble of letters and numbers. I am concerned that my form is being hijacked by spammers. I moved to php away from perl for this very reason.
Anyone got a fix?
There are solutions to all problems, but the root cause must be understood first.
In the case were emails come back empty it is likely that someone, either intentionally or not, pointed their browser to the process.php file all by itself rather than going through the form. It is also possible that someone tried to spam the form with some form of executable code but since teh code was not recognised as form field responses the message comes back blank.
I am guessing here but these are two possible causes for this issue. There are ways to avoid most all attempts to abuse your form but since this is a free program the security is left to the user. In most cases these security measures are not required. I use many forms created using this utility without the need for modifications.
Some things to consider:
Add additional syntax checking to the form entry.
Add additional syntax checking in the process.php file.
Add a REFERRER variable check in the process.php file to ensure that the form.html file is the source of form field entry.
Add some additional blank or other syntax checking prior to sending the mail message.
All of these are relatively easy to implement, but again, the usefullness of any or all depend on the root cause of the problem you are trying to solve.