I put together a simple PHP email form for a website, but it keeps sending blank emails every so often. Most of the the fields are "required" and I was using a captcha system for a while, but the blank emails kept coming.
HTML markup:
<form action="mail_send.php" method="post">
<input name="name" type="text" required="required" size="40" />
<input name="email" type="text" required="required" size="40" />
<input name="company" type="text" size="40" />
<textarea name="message" cols="80" rows="7" required="required"></textarea>
<input type="submit" value="Submit" />
</form>
PHP:
$name = $_POST['name'];
$email = $_POST['email'];
$company = $_POST['company'];
$message = $_POST['message'];
$formcontent=" FROM:\n $name \n\n COMPANY:\n $company \n\n MESSAGE:\n $message";
$recipient = "email address";
$subject = "Subject";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo "<script>window.location = 'confirmation.php'</script>";
Everything works fine when I test it, I receive the emails from the form with no problems at all, but for some reason I keep getting blank emails often (possibly from robots).
Any ideas?
Thanks!
That could happen if your HTML form and PHP are inside the same file while you're not checking if any of those inputs are empty or not. And if not in the same file, not checking for emptyness, still applies.
You could be the victim of bots, or some joker visiting your site ever so often just to tick you off.
Or that the form's method's URL is being accessed directly by someone or something, which is what I feel may be the issue here, since you do have required for your inputs.
So, use a conditional !empty() against all your inputs.
- http://php.net/manual/en/function.empty.php
I.e.:
Sidenote: || checks to see if one or any are empty.
if( !empty($_POST['name']) || !empty($_POST['email']) ){
$name = $_POST['name'];
$email = $_POST['email'];
// process mail
}
You can add the other ones in.
Or give your submit a name attribute:
<input name="submit" type="submit" value="Submit" />
Then check if the button is set and that the inputs are not empty:
if(isset(_POST['submit'])){
if(!empty($_POST['name']) || !empty($_POST['email']) ){
$name = $_POST['name'];
$email = $_POST['email'];
// process mail
}
}
You should also use filters, for the email input:
- http://php.net/manual/en/function.filter-var.php
- http://php.net/manual/en/filter.examples.validation.php
Plus, if you decide to use radios/checkboxes later on, use isset() against those.
Sidenote:
You could add a checkbox to your form to check if it was checked or not, and handle it with a conditional statement.
Footnotes:
"Most of the the fields are "required" and I was using a captcha system for a while, but the blank emails kept coming."
There isn't any captcha code in your question to support this.
N.B.:
The required attribute only works in HTML5 supported browsers. Therefore, if any of those bots or visitors to your site are using a browser that doesn't support HTML5, or technology that can bypass it, then that too could be another (contributing) factor.
You will want to do validation on your PHP.
http://www.w3schools.com/php/php_form_validation.asp
Basically you will want to do the following:
Security
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Validation
if (!empty($email)){
//your code to send email
}
You could make it a little more complex if you want to check more than one thing.
$fail_validation = FALSE;
if (empty($email)){
$fail_validation = TRUE;
}
if (empty($phone)){
$fail_validation = TRUE;
}
if ($fail_validation == FALSE){
//code to send mail goes here
}
Please note, this is very basic, and you may want to consider looking into some extra functions to secure the PHP. I would also suggest using a honeypot as an extra layer of security.
https://stackoverflow.com/a/22103646/2547075
<textarea name="message" cols="80" rows="7" required="required"></textarea>
should be
<textarea name="message" cols="80" rows="7" required></textarea>
Are you writing XHTML or HTML?
Validation on the server side is also recommended. See answers below on how to do it.
But for some reason you're getting blank emails, possibly from robots
pretty much answered your question. Robots can be pretty advanced and break certain Captcha'a as well to post blank post requests. You should check if the post requests are not empty.
The unbreakable captcha's are the ones you've written yourself (and not spread be-hound your website until it becomes popular) or the recently introduced one from Google. give it a try (once you've checked for empty values)
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 相关推荐>> 的文章《PHP email form shooting blank emails》','https://www.manongdao.com/article-871211.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}