
PHP Validate a form field with PHP (ServerSide)



sosADAMsos
July 15th, 2008, 07:02 PM
For security reasons I've added a security input/question into my form.

Something like:

"Please type the word 'puppy' into the space below:
____________"

I was able to get help validating it in JavaScript (http://www.kirupa.com/forum/showthread.php?t=303793), but I realized I also need it validated with PHP in case JavaScript is disabled.

Can someone help me work that into my existing PHP code?



<?php
if(isset($_POST['submit'])) {

$subject = "Contact Message From XXXXX.com";
$from = 'From: ' . $_POST["name"] . "\r\n";
$to = "adam@XXXXX.com";

$message = "CONTACT MESSAGE FROM XXXXX.COM" . "\r\n\n\n";
$message .= "Name:\n" . $_POST["name"] . "\r\n\n";
$message .= "Email:\n" . $_POST["email"] ."\r\n\n";
$message .= "Comments:\n". $_POST["comments"];

mail($to, $subject, $message, $from);

}
?>

Thanks!

chrisclick
July 16th, 2008, 07:00 AM
<?php
if(isset($_POST['submit'])) {
$securityword = "puppy";
$validatefield= $_POST['validate'];
$subject = "Contact Message From XXXXX.com";
$from = 'From: ' . $_POST["name"] . "\r\n";
$to = "adam@XXXXX.com";

$message = "CONTACT MESSAGE FROM XXXXX.COM" . "\r\n\n\n";
$message .= "Name:\n" . $_POST["name"] . "\r\n\n";
$message .= "Email:\n" . $_POST["email"] ."\r\n\n";
$message .= "Comments:\n". $_POST["comments"];

if($validatefield == $securityword) {
mail($to, $subject, $message, $from);
}else{
echo "Validation Failed";
}
}
?>


Been a while since I used php, you might wanna check that

jwilliam
July 16th, 2008, 10:32 AM
I'm not sure how much you're worried about security, but your validation method is easily overcome. If you want to beef it up a little, try locating a CAPTCHA script. (Completely Automated Public Turing Test to Tell Computers and Humans Apart) Look for one that has background "noise," different font sizes, rotated letters... things like that.

sosADAMsos
July 16th, 2008, 01:00 PM
<?php
if(isset($_POST['submit'])) {
$securityword = "puppy";
$validatefield= $_POST['validate'];
$subject = "Contact Message From XXXXX.com";
$from = 'From: ' . $_POST["name"] . "\r\n";
$to = "adam@XXXXX.com";

$message = "CONTACT MESSAGE FROM XXXXX.COM" . "\r\n\n\n";
$message .= "Name:\n" . $_POST["name"] . "\r\n\n";
$message .= "Email:\n" . $_POST["email"] ."\r\n\n";
$message .= "Comments:\n". $_POST["comments"];

if($validatefield == $securityword) {
mail($to, $subject, $message, $from);
}else{
echo "Validation Failed";
}
}
?>


Been a while since I used php, you might wanna check that

Unfortunately that didn't work :( The form still went through even without the correct security word.
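
One way to write the server-side check this thread asks for, as an added example rather than any poster's code. It goes beyond the security word by also rejecting line breaks in the values that sit next to the mail headers, and it stops before `mail()` when any check fails. Assumptions: PHP 7.1 or later, form fields named `validate`, `name`, `email` and `comments` (`validate` is taken from the reply above and is not confirmed by the form itself), and `webform@XXXXX.com` as a placeholder sender address.

```php
<?php
// Added example, not code from the thread. The field names 'validate',
// 'name', 'email' and 'comments' are assumed to match the HTML form.
const SECURITY_WORD = 'puppy';

/** Returns [errors, clean]; errors is empty only when every check passed. */
function check_contact_form(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['validate', 'name', 'email', 'comments'] as $field) {
        // A missing or non-string field (e.g. validate[]=x) becomes ''.
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    // Case-insensitive, whole-string match on the security word.
    if (strcasecmp($clean['validate'], SECURITY_WORD) !== 0) {
        $errors[] = 'Security word is missing or wrong.';
    }
    // Name and email are used near the mail headers: reject CR/LF so a
    // submitted value cannot add header lines of its own.
    if (preg_match('/[\r\n]/', $clean['name'] . $clean['email'])) {
        $errors[] = 'Name and email must be a single line.';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    return [$errors, $clean];
}

// Run only for a POST request, whether or not a 'submit' field was sent.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$errors, $f] = check_contact_form($_POST);
    if ($errors) {
        // Stop here: mail() is never reached when any check fails.
        echo htmlspecialchars(implode(' ', $errors));
        exit;
    }
    $to      = 'adam@XXXXX.com';
    $subject = 'Contact Message From XXXXX.com';
    // Fixed sender (placeholder address); the visitor's address goes in Reply-To.
    $headers = "From: webform@XXXXX.com\r\nReply-To: {$f['email']}";
    $message = "CONTACT MESSAGE FROM XXXXX.COM\r\n\r\n"
             . "Name:\r\n{$f['name']}\r\n\r\n"
             . "Email:\r\n{$f['email']}\r\n\r\n"
             . "Comments:\r\n{$f['comments']}";
    mail($to, $subject, $message, $headers);
    echo 'Message sent.';
}
```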