Inspiring
January 31, 2017
Answered

How to disallow words in a fillable field within a form?


One of my webpages includes a php form with fillable fields and I get a lot of spam responses. All of these spam responses include http addresses in the field marked "Miscellaneous Info". How do I prevent any forms with "http" in this field from getting sent to me?

    Correct answer osgood_

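    <?php
    if ($_POST) {
        if (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
            // The rejected value is attacker-controlled: escape it before echoing it into HTML.
            $shown = htmlspecialchars((string) filter_input(INPUT_POST, 'email'), ENT_QUOTES, 'UTF-8');
            echo ('<div style="background-color:red;padding:10px;color:#fff;font-size:16px;">
                <b>' . $shown . '</b> Email is not valid. Return to previous page and enter a valid email.
              </div>');
        } else {
            // Build the message body from every submitted field.
            $body = "";
            foreach ($_POST as $param_name => $param_val) {
                $body .= "$param_name: $param_val\n";
            }
            // The address has passed FILTER_VALIDATE_EMAIL at this point.
            $headers = 'From: ' . $_POST['email'];
            if (mail("[email address removed by Mod]", "Contact form submitted.", $body, $headers)) {
                header('Location: http://www.winvoices.com/success.php');
                exit; // stop after sending the redirect
            } else {
                $message = 'Sorry an error occurred. Please try again later.';
            }
        }
    }
    ?>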


    Include the code marked in red below. It tests the Miscellaneous form field for any instances of 'http' or 'HTTP'. If it finds any, the script stops running ('exit;').

    It's best to try it out by inputting http or HTTP in the form field - you should get a blank page and no email sent through.

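    <?php
    if ($_POST) {
        if (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
            // The rejected value is attacker-controlled: escape it before echoing it into HTML.
            $shown = htmlspecialchars((string) filter_input(INPUT_POST, 'email'), ENT_QUOTES, 'UTF-8');
            echo ('<div style="background-color:red;padding:10px;color:#fff;font-size:16px;">
                <b>' . $shown . '</b> Email is not valid. Return to previous page and enter a valid email.
              </div>');
        } else {
            $body = "";
            // Read the field as a string; a missing or array value becomes "".
            $Miscellaneous = (string) filter_input(INPUT_POST, 'Miscellaneous');
            // Stop without sending anything if the field contains the word http or HTTP.
            if (preg_match("~\bhttp\b~", $Miscellaneous) or preg_match("~\bHTTP\b~", $Miscellaneous)) {
                exit;
            } else {
                foreach ($_POST as $param_name => $param_val) {
                    $body .= "$param_name: $param_val\n";
                }
            }
            // The address has passed FILTER_VALIDATE_EMAIL at this point.
            $headers = 'From: ' . $_POST['email'];
            if (mail("[email address removed by Mod]", "Contact form submitted.", $body, $headers)) {
                header('Location: http://www.winvoices.com/success.php');
                exit; // stop after sending the redirect
            } else {
                $message = 'Sorry an error occurred. Please try again later.';
            }
        }
    }
    ?>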
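A stricter server-side version of the check in the answer above, as an added example that is not part of the original thread. The `\bhttp\b` / `\bHTTP\b` test does not match `https://` (the `s` removes the word boundary) or mixed case such as `HtTp`, and the script mails every key in `$_POST`. The function names, the allow-list and the sample submissions here are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Only 'email' and 'Miscellaneous'
// come from the form discussed above; everything else is an assumption.

// True when free text contains "http" in any letter case (so "https://" and
// "HtTp" count) or a "www." host name.
function contains_link(string $text): bool
{
    return preg_match('~http|\bwww\.~i', $text) === 1;
}

// Build the mail body from an allow-list of fields instead of all of $_POST.
// Returns null when the submission should be dropped without sending.
function build_message(array $post, array $allowed): ?array
{
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // missing, non-string or invalid address
    }
    $body = "email: $email\n";
    foreach ($allowed as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            return null; // e.g. Miscellaneous[]=x arrives as an array
        }
        if (contains_link($value)) {
            return null; // link spam: drop silently
        }
        $body .= "$field: " . trim($value) . "\n";
    }
    return ['from' => $email, 'body' => $body];
}

// Constructed sample submissions.
$samples = [
    ['email' => 'a@example.com', 'Miscellaneous' => 'Please call me back.'],
    ['email' => 'a@example.com', 'Miscellaneous' => 'Visit HTTPS://spam.example now'],
    ['email' => 'a@example.com', 'Miscellaneous' => 'see www.spam.example'],
    ['email' => 'a@example.com', 'Miscellaneous' => ['x']],
    ['email' => 'not-an-address', 'Miscellaneous' => 'hello'],
];
foreach ($samples as $i => $post) {
    $msg = build_message($post, ['Miscellaneous']);
    echo "sample $i: ", $msg === null ? 'dropped' : 'accepted', "\n";
}
```

In the form handler, the returned `body` and `from` values would be passed to `mail()` in place of the loop over `$_POST`.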

    1 reply

    pziecina
    Legend
    January 31, 2017

    On the client side you could use the 'pattern' attribute along with a regular expression to disallow the http, (req.html5 form elements).

    https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#attr-pattern

    You should also do something similar on the server side to check also.

    Inspiring
    January 31, 2017

    I don't understand. Here is the code as it stands. What can I add to it to disallow the word "http" from being accepted?

    <label for="Miscellaneous">Miscellaneous Info</label>
    <textarea name="Miscellaneous" cols="32" id="Miscellaneous"></textarea>

    Legend
    January 31, 2017

    You could test the form field for http and HTTP and do something based on if that block of text contains an instance of either or both of those. Instead of echoing "Go Away" you could just exit the script at that point so it won't send anything.

    Example

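    <?php
    // Run the check only when the form has been submitted with a name.
    if (!empty($_POST['name']) && is_string($_POST['name'])) {
        $name = $_POST['name'];
        // Reject the input if it contains the word http or HTTP.
        if (preg_match("~\bhttp\b~", $name) or preg_match("~\bHTTP\b~", $name)) {
            echo "Go Away";
        } else {
            // Escape user input before echoing it into the page.
            echo "Hello " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        }
    }
    ?>

    <form name="feedback" method="post" action="">
    <label for="name">Name
    <input type="text" name="name">
    </label>
    <input type="submit" name="submit" value="submit">
    </form>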