'safe' feedback form



muppet
January 9th, 2006, 07:50 AM
I have a few feedback forms on various sites I've done over the years, and they're PHP. They're now all getting spammed.

Anyone know of a good one I can use that processes and sends the form, as well as stopping anything happening unless it has actually been typed into the bloomin' form?

ironikart
January 9th, 2006, 07:59 PM
There's heaps of stuff you can do to code against this, but it depends on how far you want to take it. Check that the fields have something in them, and then validate their contents:



<?php

class Validator {

    static function isEmpty( $var ) {
        return is_empty( $var );
    }

    static function isEmail( $email ) {
        return preg_match( '^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$', $email );
    }

    static function isURL( $url ) {
        return preg_match( '^(http|https|ftp)\://([a-zA-Z0-9\.\-]+(\:[a-zA-Z0-9\.&%\$\-]+)*@)?((25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1]{1}[0-9]{2}|[1-9]{1}[0-9]{1}|[0-9])|([a-zA-Z0-9\-]+\.)*[a-zA-Z0-9\-]+\.[a-zA-Z]{2,4})(\:[0-9]+)?(/[^/][a-zA-Z0-9\.\,\?\'\\/\+&%\$#\=~_\-@]*)*$', $url );
    }

}

// Process form
if ( Validator::isEmpty( $_POST['message'] ) ) {
    die( 'You must enter a message' );
}

if ( ! Validator::isEmail( $_POST['email'] ) ) {
    die( 'You must enter a valid email' );
}

if ( ! Validator::isURL( $_POST['homepage'] ) && ! Validator::isEmpty( $_POST['homepage'] ) ) {
    die( 'If you specified a homepage, it must be valid' );
}
?>


Just an example, but you get the idea.

ironikart
January 10th, 2006, 04:22 PM
Here's an altered class for validation; there were a few problems with the old one. You might want to find a better URL regex to put in the isURL() method. You can look on www.regexlib.com to find some more.



class Validator {

    static function isEmpty( $var ) {
        return empty( $var );
    }

    static function isEmail( $email ) {
        return preg_match( '/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/', $email );
    }

    static function isURL( $url ) {
        return preg_match( '/^(http|https|ftp):\/\/[a-z0-9-_\.\/]*/i', $url );
    }

}

Seb Hughes
January 10th, 2006, 04:29 PM
if ($_GET['action'] == "submit") {
    class Validator {

        static function isEmpty( $var ) {
            return empty( $var );
        }
    }
    // Checks if the name field is empty. If so, it tells them to enter one
    if(Validator::isEmpty($_POST['user_name'])) {
        echo "Please Enter A Name";

    }
    else {
        // Checks if the message field is empty. If so, it tells them to enter one
        if(Validator::isEmpty( $_POST['user_message'])) {
            echo "Please Enter A Message";

        } else {
            // Gets the date
            $date = date('d/m/y');
            // Gets the time
            $time = date('G:i:s');
            // Inserts the data into the DB
            if(mysql_query("INSERT INTO user_messages (name , message, hide, date, time, ip) VALUES('".$_POST['user_name']."', '".$_POST['user_message']."', 'no', '$date', '$time', '".$_POST['user_ip']."')") != false) {

                echo "Thank You For Posting";
            } else {
                echo "Error adding entry: " . mysql_error();
            }
        }
    }
}


This won't work, I don't know why???
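
Added example, not part of any post in this thread: the handler above places `$_POST` values directly into the SQL string and takes the IP address from a form field, so this sketch shows the same insert with validated input, bound parameters and a server-supplied address. It assumes PHP 7+ with the pdo_sqlite extension; the function name `save_feedback`, the length limits, the in-memory SQLite table and the sample input are all constructed for illustration.

```php
<?php
// Added example: function name, limits, table and sample input are assumptions.

function save_feedback(PDO $db, array $post, string $remoteAddr): array {
    // Accept only string fields (a client can submit user_name[]=x to send an array).
    // trim() makes whitespace-only input count as missing; comparing with '' instead
    // of empty() avoids rejecting a legitimate "0".
    $name    = is_string($post['user_name'] ?? null)    ? trim($post['user_name'])    : '';
    $message = is_string($post['user_message'] ?? null) ? trim($post['user_message']) : '';

    $errors = [];
    if ($name === '')    { $errors[] = 'Please enter a name'; }
    if ($message === '') { $errors[] = 'Please enter a message'; }
    if (strlen($name) > 100 || strlen($message) > 5000) {   // assumed limits
        $errors[] = 'Input too long';
    }
    if ($errors) {
        return $errors;   // nothing is written unless every check passed
    }

    // Placeholders keep user text out of the SQL string entirely.
    $stmt = $db->prepare(
        'INSERT INTO user_messages (name, message, hide, date, time, ip)
         VALUES (:name, :message, :hide, :date, :time, :ip)'
    );
    $stmt->execute([
        ':name'    => $name,
        ':message' => $message,
        ':hide'    => 'no',
        ':date'    => date('d/m/y'),
        ':time'    => date('G:i:s'),
        // Address supplied by the server (e.g. $_SERVER['REMOTE_ADDR']), not by the form.
        ':ip'      => $remoteAddr,
    ]);
    return [];
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_messages (name TEXT, message TEXT, hide TEXT, date TEXT, time TEXT, ip TEXT)');

// Valid input containing apostrophes, then a whitespace-only name with an empty message.
var_dump(save_feedback($db, ['user_name' => "O'Brien", 'user_message' => "It's fine"], '203.0.113.7'));
var_dump(save_feedback($db, ['user_name' => '   ', 'user_message' => ''], '203.0.113.7'));
print_r($db->query('SELECT name, message, ip FROM user_messages')->fetchAll(PDO::FETCH_ASSOC));
```
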

ironikart
January 11th, 2006, 08:29 PM
Is your PHP version 5, or 4.3.x?

That example I gave only works in 5.

Here's another one for 4:



class Validator {

    function isEmpty( $var ) {
        return empty( $var );
    }