form validation

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

As spammers turn off javascript to spam your forms, what do you people here recommend to
validate your forms?


Re: form validation

Quoted text here. Click to load it

server side validation (php in my case)

Karl Groves

Accessibility Discussion List:

Re: form validation

W E B G U R L wrote:

Quoted text here. Click to load it

It's not a question of turning javascript off, they wont even know that
you've used it.  Javascript must be turned *ON* in order to work.  When
building a form you should always assume the user will not execute your JS.

Validate it on the server.

Brian Wakem

Re: form validation

W E B G U R L wrote:
Quoted text here. Click to load it

The same thing that all competent developers recommended even before
the current-day wave of spamming began: that all necessary validation
be done at the server side, with any use of client-side scripting being
done only as an optional enhancement.


Re: form validation

W E B G U R L wrote

Quoted text here. Click to load it

I do it server-side with PHP, so it doesn't matter if the spammer is
using Javascript or not.

I'm slightly confused here.  Are you talking about validating the user's
data, or checking for spam?

Checking for spam input is not straight-forward.  A lot depends on what
the  form is form.  For example, I have a form for general enquiries.  I
was getting script-kiddies (presumably) trying to submit lots of email
addresses to spam to.  I now reject forms that have more than a certain
number of "@" signs in the input.

I was also getting spammers inputting text (and all sorts of mumbo
jumbo) in the email field, so I check for any punctuation or characters  
that shouldn't exist in an email address (:,;,',",=,(,), etc) then
reject it.

These two measures alone, for me, cut down a lot of junk.

Charles Sweeney

Site Timeline