Verify Edit Box



Alistair
07-19-2007, 05:28 PM
Form that refers www.comedyshop.co.za/feedback.html (http://www.comedyshop.co.za/feedback.html)

Hi All

I created verification on the edit boxes here, so things like the email address must be an email address and the telephone number must be a telephone number.

When I try it, it works fine, in fact perfect,

However, I still get website submissions with UNKNOWN in the space. Does anyone know how they do that, or if there is a way to stop it?

I have noticed it's always the ads / spammers who get it right!

Alistair
www.comedyshop.co.za

navaldesign
07-19-2007, 05:49 PM
Spammers disable JavaScript, and since BV validation is JavaScript, they override it.
You need to use PHP validation in your script. The JavaScript will be useful for normal users; PHP can make a second, in-script validation that will partially protect you from spam (though not from sending you spam under a fake email address).

Alistair
07-19-2007, 06:50 PM
Thank You Naval,
Do you know where I might find the php scripts required?

Alistair
www.comedyshop.co.za

Watdaflip
07-19-2007, 07:30 PM
The script will depend on your form. Pretty much every form needs a specific script customized to its field names.

navaldesign
07-19-2007, 08:58 PM
Specific validation requires specific scripts. For maximum protection, I use in some of my scripts:
a. Session verification, to avoid bot submission directly to the script.
b. A captcha, to avoid bot submission through the form.
c. Field by field specific validation that disallows @, http and www characters if more than one time, in the comments fields, not even once in other fields.
d. File size and mime type check, as well as file renaming to avoid execution of malicious code after uploaded.
e. Cookies (hehe) to cookie those innocent but annoying spammers that just do it for fun. I store their IP address and when they visit again, they are already banned but before the script quits, it cookies them so that they will be recognised next time even if they use another IP address (only for amateur spammers).
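
An added example, not code from anyone in this thread: a minimal PHP sketch of the server-side re-check described above, covering points (a) and (c) plus the email and telephone checks from the first post. The field names (`token`, `name`, `email`, `phone`, `comments`), the telephone pattern and the reading of (c) as "each marker at most once in comments, never in the name" are assumptions.

```php
<?php
declare(strict_types=1);
// Markers from point (c): at most once each in comments, never in other fields.
const LINK_MARKERS = ['@', 'http', 'www'];

function max_marker_hits(string $value): int
{
    $hits = 0;
    foreach (LINK_MARKERS as $marker) {
        $hits = max($hits, substr_count(strtolower($value), $marker));
    }
    return $hits;
}

// Returns [field => message]; an empty array means the submission passed.
function validate_feedback(array $post, string $sessionToken): array
{
    $field = static fn(string $k): string =>
        isset($post[$k]) && is_string($post[$k]) ? trim($post[$k]) : '';

    // Point (a): the form page put a random token in the session, so a POST
    // sent straight to the script has nothing valid to present.
    if ($sessionToken === '' || !hash_equals($sessionToken, $field('token'))) {
        return ['token' => 'form was not loaded from this site'];
    }
    $errors = [];
    if (filter_var($field('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not an email address';
    }
    if (!preg_match('/^\+?[0-9][0-9 ()-]{6,19}$/', $field('phone'))) {
        $errors['phone'] = 'not a telephone number';
    }
    if ($field('name') === '' || max_marker_hits($field('name')) > 0) {
        $errors['name'] = 'empty or contains link/address text';
    }
    if ($field('comments') === '' || max_marker_hits($field('comments')) > 1) {
        $errors['comments'] = 'empty or too many links/addresses';
    }
    return $errors;
}

// Constructed submissions; in the real script pass $_POST and $_SESSION['token'].
$token = bin2hex(random_bytes(16));
$ok = ['token' => $token, 'name' => 'Thandi', 'email' => 'thandi@example.com',
       'phone' => '+27 11 555 0100', 'comments' => 'Great show, see www.example.com'];
$noJs = ['token' => $token, 'name' => 'x', 'email' => 'UNKNOWN', 'phone' => 'UNKNOWN',
         'comments' => 'http://a.example http://b.example'];
foreach (['browser' => $ok, 'no-js' => $noJs, 'direct' => ['email' => 'a@b.example']] as $label => $post) {
    echo $label, ': ', implode(', ', array_keys(validate_feedback($post, $token))) ?: 'accepted', PHP_EOL;
}
```

The script should stop before sending mail whenever the returned array is non-empty, regardless of what the browser-side validation reported.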