Hi, I'm currently receiving blank form submissions and am not sure what steps to take to stop this. Any suggestions are much appreciated.

I've set up a HTML form where the compulsory fields are checked using javascript, using <form onSubmit="return myVerificationFunction" etc...

The form is at: http://www.taewynpublishing.com.au/orderform.html

Just for a bit of context, after it's verified the data is posted to a perl cgi script that collects the data, then sends that data in an email to me, but also presents another form for the client to confirm their details before moving to the bank hosted payment page for credit card details etc.

My problem seems to be that the initial html form verification works for humans, but I'm still receiving blank forms in my email.

I don't know much about robots and spammers, so is captcha something I should look into, or am I missing something?

Thanks for your help.

I hopped on over to your website and checked out the form. The simple JavaScript form validation works fine if the user enters values or doesn't. However, when the user enters a number of spaces, eg(" ") then the value counts as legitimate.

I hope knowing this helps a bit.

Yes, thanks Matt. Looks like that's what was getting through. Have added checks for spaces in my validation script. Thanks heaps!

Glad I could help

People trying mysql injections perhaps?

Hi, sorry to reopen this, but even with my space checking, blank form submissions are still getting through.

Is there anything else I should be checking for? I don't understand what mysql injections are, how can I screen for those?

My validation script is at:
http://www.taewynpublishing.com.au/s...lidate_form.js

or below:

Code:

var msg = "";
var err = 0;
var checkSpace = new RegExp(/^[\s]*$/);
var numericExpression = new RegExp(/^[0-9]*$/);
function verify() {
 // Check name field
 var namestr = document.orderform.contactname.value;
 if (( namestr == "" ) || ( checkSpace.test(namestr) )) {
  msg += "Please provide your name.\n";
  err += 1;
 }
 
 // Check address field
 var addressstr = document.orderform.address.value;
 if (( addressstr == "" ) || ( checkSpace.test(addressstr) )) {
  msg += "Please provide your delivery address.\n";
  err += 1;
 }
 
 // Check email field
 var emailstr = document.orderform.email.value;
 if (( emailstr == "" ) || ( checkSpace.test(emailstr) )) {
  msg += "Please provide your email address.\n";
  err += 1;
 }
 
 // Check no. books is a number and then if only 1 or 2
 if ( document.orderform.nobooks.value.match(numericExpression) ) {
  if (( document.orderform.nobooks.value > 2 ) || ( document.orderform.nobooks.value < 1 )) {
   msg += "You may only order 1 to 2 books online.\n";
   err += 1;
  }
 }
 else {
  msg += "Please specify no. books.\n";
  err += 1;
 }
 
 // Check support radio buttons
 var btn = -1;
 var i;
 for ( i = document.orderform.support.length - 1; i > -1; i-- ) {
  if ( document.orderform.support[i].checked ) {
   btn = i; 
   i = -1;
  }
 }
 if ( btn == -1 ) {
  msg += "Please specify the organisation you wish to support.\n";
  err += 1;
 }
 // Sum it all up and display message if needed
 if (err > 0) {
  alert(msg);
  msg = ""; // Clear msg
  err = 0; // Reset error count
  return false;
 }
 else {
  return true;
 }
}

Thanks for your help.

Bots don't run javascripts so your "validation" will never run for such "submssions".

Use server side code to determine if the form is blank.