How to prevent bot or spam forms submissions (empty submissions)


pioneerx01


I have multiple PHP forms set up. Most of them have a few fields that, if not filled in, prevent the form from being submitted, and one question that, if you answer it wrong, will not let you through either. With this I have eliminated most "hgdgfgdhsj"-style form submissions by spam bots. But every now and then I get a ghost or empty form submission: in the database I get records (only one at a time) that are fully blank. This confuses me. How and why does it happen, and mainly, how do I prevent it?

 

Thanks


OK, here is the simplest and shortest one I have.

HTML:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Judge Registration</title>
<!--#include virtual="/virtuals/v1.html"-->
<link href="/supportdata/css.css" rel="stylesheet" type="text/css">
<script type="text/javascript">
/***********************************************
* Email Validation script- © Dynamic Drive (www.dynamicdrive.com)
* This notice must stay intact for legal use.
* Visit http://www.dynamicdrive.com/ for full source code
***********************************************/
var emailfilter=/^\w+[\+\.\w-]*@([\w-]+\.)*\w+[\w-]*\.([a-z]{2,4}|\d+)$/i
function checkmail(e){
var returnval=emailfilter.test(e.value)
if (returnval==false){
alert("Your e-mail address does not seem to be valid. Please enter a valid e-mail address.")
e.select()}return returnval}
</script>
<SCRIPT LANGUAGE="JavaScript">
function Disab(val) {
frm=document.forms[0]
if(val=="yes"){frm.jobtitle.disabled=true, frm.organization.disabled=true, frm.workphone.disabled=true,frm.extension.disabled=true}
if(val=="no"){frm.jobtitle.disabled=false, frm.organization.disabled=false, frm.workphone.disabled=false,frm.extension.disabled=false}
if(val=="elementary"){frm.AS.disabled=false, frm.BE.disabled=false, frm.CB.disabled=false, frm.CH.disabled=false, frm.CS.disabled=false, frm.EA.disabled=false, frm.EG.disabled=false, frm.EV.disabled=false, frm.MA.disabled=false, frm.ME.disabled=false, frm.PH.disabled=false, frm.PS.disabled=false, frm.BI.disabled=true, frm.EN.disabled=true, frm.EE.disabled=true, frm.TE.disabled=true, frm.EM.disabled=true, frm.MI.disabled=true}
if(val=="junior"){frm.AS.disabled=false, frm.BE.disabled=false, frm.CB.disabled=false, frm.CH.disabled=false, frm.CS.disabled=false, frm.EA.disabled=false, frm.EG.disabled=false, frm.EV.disabled=false, frm.MA.disabled=false, frm.ME.disabled=false, frm.PH.disabled=false, frm.PS.disabled=false, frm.BI.disabled=true, frm.EN.disabled=true, frm.EE.disabled=true, frm.TE.disabled=true, frm.EM.disabled=true, frm.MI.disabled=true}
if(val=="senior"){frm.AS.disabled=false, frm.BE.disabled=false, frm.CB.disabled=false, frm.CH.disabled=false, frm.CS.disabled=false, frm.EA.disabled=false, frm.EG.disabled=true, frm.EV.disabled=false, frm.MA.disabled=false, frm.ME.disabled=false, frm.PH.disabled=false, frm.PS.disabled=false, frm.BI.disabled=false, frm.EN.disabled=false, frm.EE.disabled=false, frm.TE.disabled=false, frm.EM.disabled=false, frm.MI.disabled=false}
}
</SCRIPT>

<style type="text/css">
<!--
.required {color: #FF0000}
-->
</style>
</head>
<body>
<script language="JavaScript">
/***********************************************
* Required field(s) validation v1.10- By NavSurf
* Visit Nav Surf at http://navsurf.com
* Visit http://www.dynamicdrive.com/ for full source code
***********************************************/
function formCheck(formobj){
// Names of the mandatory fields; these must match the name="" attributes the form actually posts
// (the form has a single Full_Name field, not FirstName/LastName)
var fieldRequired = Array("Full_Name", "gender", "degree", "address", "city", "state", "zip", "homephone", "shirt", "division", "judged");
// Field descriptions to appear in the dialog box, in the same order as fieldRequired
var fieldDescription = Array("Full Name", "Gender", "Degree", "Home address", "City", "State", "Zip", "Home Phone", "Shirt Size", "division selection", "Have you judged before?");
// dialog message
var alertMsg = "Please complete the following fields:\n";
var l_Msg = alertMsg.length;
for (var i = 0; i < fieldRequired.length; i++){
	var obj = formobj.elements[fieldRequired[i]];
	if (obj){
		switch(obj.type){
		case "select-one":
			if (obj.selectedIndex == -1 || obj.options[obj.selectedIndex].text == ""){
				alertMsg += " - " + fieldDescription[i] + "\n";
			}
			break;
		case "select-multiple":
			if (obj.selectedIndex == -1){
				alertMsg += " - " + fieldDescription[i] + "\n";
			}
			break;
		case "text":
		case "textarea":
			if (obj.value == "" || obj.value == null){
				alertMsg += " - " + fieldDescription[i] + "\n";
			}
			break;
		default:
		}
		if (obj.type == undefined){
			var blnchecked = false;
			for (var j = 0; j < obj.length; j++){
				if (obj[j].checked){
					blnchecked = true;
				}
			}
		if (!blnchecked){
			alertMsg += " - " + fieldDescription[i] + "\n";
			}
	}
}
}

if (alertMsg.length == l_Msg){
	return true;
}else{
	alert(alertMsg);
	return false;
}
}
</script>
<div align="center">
  <!--#include virtual="/virtuals/mainmenu.html"-->
</div>
<div align="center"><!--#include virtual="/virtuals/sitewide.html"--></div>
<div align="center"><!--#include virtual="/virtuals/registrationformwide.html"--></div>

<form name="schoolregistration" method="post" action="judge.php" onSubmit="return formCheck(this)"> <!--return validate_form(this);" "-->

<table id="maintable">

<tr background="/contactus.shtml"><td colspan="2"><p>Hello, <br><br>
and welcome to the AzSEF <strong>Judge registration page</strong>. Please fill out all the information below in order to successfully complete your registration. If you have any questions or difficulties, please feel free to <a href="/contactus.shtml">contact us</a>. If you have made a mistake in your registration or are not sure if you have already registered, please <a href="/contactus.shtml">contact us</a> before you register again. Judging of the 2011 AzSEF will take place on <strong>Tuesday, April 12, 2011</strong>.<br>
<br>
Please note that you can register only for one division.  Multiple registrations will not be accepted. <br>
<br>
        Thank you
    <hr/></p></td></tr>
<tr>
  <td width="267" align="right">Full Name :</td>
  <td width="721"><input name="Full_Name" type="text" id="Full_Name" size="75"></td></tr>
<tr>
<td align="right">Gender :     </td><td><select name="gender" id="gender">
    <option value="" selected></option>
    <option value="Male">Male</option>
    <option value="Female">Female</option>
  </select></td></tr>
<tr><td align="right"><label>Highest degree completed : </label></td>
  <td align="left" id="pgray"><select name="degree" id="degree">
    <option value="" selected></option>
    <option value="AA">AA</option>
    <option value="AS">AS</option>
    <option value="AAS">AAS</option>
    <option value="BS">BS</option>
    <option value="BA">BA</option>
    <option value="MS">MS</option>
    <option value="MA">MA</option>
    <option value="Phd">Phd</option>
<option value="2+Yr">2+Yr</option>
        </select>
    (at least two years of college required for judges)</td>
</tr>

<tr>
  <td align="right"> Retired? :</td>
  <td><input name="retired" type="radio" value="yes" checked onClick="Disab(this.value)">
    Yes 
      <input name="retired" type="radio" value="no" onClick="Disab(this.value)">
      No</td>
</tr>
<tr>
<td align="right">Organization : </td>
<td id="pgray"><input name="organization" type="text" id="organization" size="75" disabled></td>
</tr>
<tr>
  <td align="right">Job Title :</td>
  <td align="left"><input name="jobtitle" type="text" id="jobtitle" size="75" disabled></td>
</tr>
<tr>
  <td align="right">Work Phone : </td>
  <td align="left"><input name="workphone" type="text" id="workphone" size="12" maxlength="12" disabled>
    <span id="pgray">(example 5557779999)</span> Extension
    <input name="extension" type="text" id="extension" size="10" maxlength="10" disabled>
(if any)</td>
</tr>
<tr>
  <td colspan="2" align="right"><hr/></td>
  </tr>
<tr>
  <td align="right">Home address : </td>
  <td align="left"><input name="address" type="text" id="address" size="75"></td>
</tr>
<tr>
  <td align="right">City : </td>
  <td align="left"><input name="city" type="text" id="city" size="75"></td>
</tr>
<tr>
  <td align="right">State : </td>
  <td align="left"><select name="state" id="state">
<option value="AZ">ARIZONA</option>
<option value="AA">AA</option>
<option value="AP">AP</option>
<option value="AE">AE</option>
<option value="AK">ALASKA</option>
<option value="AL">ALABAMA</option>
<option value="AR">ARKANSAS</option>
<option value="CA">CALIFORNIA</option>
<option value="CO">COLORADO</option>
<option value="CT">CONNECTICUT</option>
<option value="DC">DISTRICT OF COLUMBIA</option>
<option value="DE">DELAWARE</option>
<option value="FL">FLORIDA</option>
<option value="GA">GEORGIA</option>
<option value="HI">HAWAII</option>
<option value="IA">IOWA</option>
<option value="ID">IDAHO</option>
<option value="IL">ILLINOIS</option>
<option value="IN">INDIANA</option>
<option value="KS">KANSAS</option>
<option value="KY">KENTUCKY</option>
<option value="LA">LOUISIANA</option>
<option value="MA">MASSACHUSETTS</option>
<option value="MD">MARYLAND</option>
<option value="ME">MAINE</option>
<option value="MI">MICHIGAN</option>
<option value="MN">MINNESOTA</option>
<option value="MO">MISSOURI</option>
<option value="MS">MISSISSIPPI</option>
<option value="MT">MONTANA</option>
<option value="NC">NORTH CAROLINA</option>
<option value="ND">NORTH DAKOTA</option>
<option value="NE">NEBRASKA</option>
<option value="NH">NEW HAMPSHIRE</option>
<option value="NJ">NEW JERSEY</option>
<option value="NM">NEW MEXICO</option>
<option value="NV">NEVADA</option>
<option value="NY">NEW YORK</option>
<option value="OH">OHIO</option>
<option value="OK">OKLAHOMA</option>
<option value="OR">OREGON</option>
<option value="PA">PENNSYLVANIA</option>
<option value="PR">PUERTO RICO</option>
<option value="RI">RHODE ISLAND</option>
<option value="SC">SOUTH CAROLINA</option>
<option value="SD">SOUTH DAKOTA</option>
<option value="TN">TENNESSEE</option>
<option value="TX">TEXAS</option>
<option value="UT">UTAH</option>
<option value="VA">VIRGINIA</option>
<option value="VT">VERMONT</option>
<option value="WA">WASHINGTON</option>
<option value="WI">WISCONSIN</option>
<option value="WV">WEST VIRGINIA</option>
<option value="WY">WYOMING</option>
  </select></td>
</tr>
<tr>
  <td align="right">Zip : </td>
  <td align="left"><input name="zip" type="text" id="zip" size="5" maxlength="5"></td>
</tr>
<tr>
  <td align="right">Home Phone : </td>
  <td align="left"><input name="homephone" type="text" id="homephone" size="12" maxlength="12">
    <span id="pgray">(example 5557779999)</span> </td>
</tr>
<tr>
  <td align="right">E-Mail : </td>
  <td align="left"><input name="email" type="text" id="email" size="75"></td>
</tr>
<tr>
  <td align="right">Shirt Size : </td>
  <td align="left">
    <select name="shirt" id="shirt">
      <option value=""></option>
      <option value="S">Small</option>
      <option value="M">Medium</option>
      <option value="L">Large</option>
      <option value="XL">Extra-Large</option>
      <option value="XXL">2X-Large</option>
      <option value="XXXL">3X-Large</option>
      <option value="none">I will wear one from last year</option>
    </select>
    <span id="pgray">(exchanges may be available on-site, if quantities last)</span> <br>
    <span class="required">If you have a shirt from a previous fair, please wear that one. Thank you</span><br>
  *Please note that this year we will not be mailing shirts to your address; they will be provided to you at the fair.    </td>
</tr>
<tr><td colspan="2"><hr/></td></tr>

<tr>
  <td align="right">What division do you feel comfortable judging? (you can pick only one) </td>
  <td align="left"><input name="division" type="radio" value="elementary" onClick="Disab(this.value)"> 
    Elementary - Grades 5-6
<br>
  <input name="division" type="radio" value="junior" onClick="Disab(this.value)">
  Junior - Grades 7-8 <br>
<input name="division" type="radio" value="senior" onClick="Disab(this.value)"> 
Senior - Grades 9-12</td>
</tr>
<tr>
  <td colspan="2" align="left"><hr/></td>
  </tr>
<tr>
  <td colspan="2" align="left"><p>Based on your selection of division above, you can select any category listed below to judge. Some categories may not be available for all divisions. Please rate each allowed category that you wish to judge on a scale of 1-5 (most to least comfortable). If you do not want to judge a certain category, leave it at 0 (zero). We will do our best to place you in your selected categories; however, there are no guarantees, as the number of participants and judges in each category will vary. </p>
    <p><strong>1</strong> - I know the most about this category and I would like to judge it.<br>
          <strong>2</strong> - I know a lot about this category and would feel comfortable judging it.<br>
            <strong>3</strong> - I know a fair amount about this category and would judge it.<br>
              <strong>4</strong> - I know more than a few things about this category and would judge it, if it is necessary.<br>
              <strong>5</strong> - I know a few things about this category and I would judge it, if it is really necessary.<br>
              <strong>0</strong> - I do not know anything about this category, don't put me here<br>
    </p>    </td>
  </tr>
<tr>
  <td align="left"> </td>
  <td align="left"> </td>
</tr>
<tr>
  <td align="right">Animal Science : </td>
  <td align="left"><select name="AS" id="AS" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
    </select></td>
</tr>
<tr>
  <td align="right">Behavioral and Social Sciences : </td>
  <td align="left"><select name="BE" id="BE" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
<td align="right">Biochemistry : </td>
  <td align="left"><select name="BI" id="BI" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Cellular and Molecular Biology : </td>
  <td align="left"><select name="CB" id="CB" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Chemistry : </td>
  <td align="left"><select name="CH" id="CH" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Computer Sciences : </td>
  <td align="left"><select name="CS" id="CS" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Earth and Planetary Sciences : </td>
  <td align="left"><select name="EA" id="EA" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Energy and transportation : </td>
  <td align="left"><select name="TE" id="TE" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Engineering : </td>
  <td align="left"><select name="EG" id="EG" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Engineering: electrical and mechanical : </td>
  <td align="left"><select name="EE" id="EE" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Engineering: materials and bioengineering : </td>
  <td align="left"><select name="EN" id="EN" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Environmental Management : </td>
  <td align="left"><select name="EM" id="EM" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Environmental sciences : </td>
  <td align="left"><select name="EV" id="EV" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Mathematical sciences : </td>
  <td align="left"><select name="MA" id="MA" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Medicine and health sciences : </td>
  <td align="left"><select name="ME" id="ME" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Microbiology : </td>
  <td align="left"><select name="MI" id="MI" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Physics and astronomy : </td>
  <td align="left"><select name="PH" id="PH" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right">Plant sciences : </td>
  <td align="left"><select name="PS" id="PS" disabled>
    <option value="" selected>0</option>
    <option value="1">1</option>
    <option value="2">2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
  </select></td>
</tr>
<tr>
  <td align="right"> </td>
  <td align="left"> </td>
</tr>
<tr>
  <td align="right">Have you judged AzSEF before? : </td>
  <td align="left"><input name="judged" type="radio" value="yes">
Yes
  <input name="judged" type="radio" value="no">
No</td>
</tr>
<tr>
  <td align="right"> </td>
  <td align="left"> </td>
</tr>
<tr>
  <td align="right">Do you want judging materials mailed to your home address?</td>
  <td align="left"><input name="mail" type="radio" value="yes">
Yes
  <input name="mail" type="radio" value="no">
No</td>
</tr>
<tr>
  <td align="right"> </td>
  <td align="left">*All the judging materials are available online and will be provided to you through a link in the confirmation email. If you require a printed version of these materials, select "yes" in the question above.</td>
</tr>
<tr>
  <td align="right"> </td>
  <td align="left"> </td>
</tr>
<tr>
  <td colspan="2" align="left"><input type="submit" name="submit" onClick="return checkmail(this.form.email)" value="Submit Judge Registration Form"/>
    <input name="Reset" type="reset" value="Clear all Fields" onClick="return confirm('Are you sure you want to CLEAR all fields?')"/></td>
</tr>
</table>
</form>
<div align="center"><!--#include virtual="/virtuals/footer.html"--></div>
</body>
</html>

 

The PHP counterpart:

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Registration Completed</title>
<?php include '../virtuals/v1.html' ?>
<link href="../supportdata/css.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center"><img src="../headers/registrationcompleted.jpg"></div>
<div align="center"><?php include '../virtuals/mainmenu.html' ?></div>
<div align="center"><?php include '../virtuals/sitewide.html' ?></div>
<div align="center"><?php include '../virtuals/registrationformwide.html' ?></div>
<table id="maintable">
<tr>
<td>

<?php 

$query  = "SELECT * FROM Judge_Registrations WHERE Full_Name= '$_POST[Full_Name]' ";
$result2 = mysql_query($query);
// mysql_numrows is only a deprecated alias; mysql_num_rows is the real function
if (mysql_num_rows($result2) > 0) {
while($row = mysql_fetch_array($result2))
{
echo" 
<h2>ERROR</h2>
<p> It seems that you are already registered with following information:
<br/><br/>
{$row['Full_Name']}<br/>
{$row['City']}, {$row['State']} {$row['Zip']}<br/><br/>
If this is not you, or you think you have reached this page by mistake, please contact us.<br/>
Thank you.
</p>
  <div align='right'><a href='../contactus.shtml'>Contact Us</a> ><br>
  </div></td>
</tr>
</table>

";} 
}
else {

if ( $_POST['division'] == "elementary" ) {
      mysql_query("INSERT INTO ``.`` (
      `ID` ,
      `Full_Name` ,
      `Gender` ,
      `Degree` ,
      `Retired` ,
      `Organization` ,
      `Job_Title` ,
      `Work_Phone` ,
      `Extension` ,
      `Address` ,
      `City` ,
      `State` ,
      `Zip` ,
      `Home_Phone` ,
      `Email` ,
      `Division` ,
      `Judged` ,
      `Shirt` ,
      `Mail` ,
      `EAS` ,
      `EBE` ,
      `ECB` ,
      `ECH` ,
      `ECS` ,
      `EEA` ,
      `EEG` ,
      `EEV` ,
      `EMA` ,
      `EME` ,
      `EPH` ,
      `EPS`
      )
      VALUES (
      NULL ,
      '$_POST[Full_Name]' ,
      '$_POST[gender]' ,
      '$_POST[degree]' ,
      '$_POST[retired]' ,
      '$_POST[organization]' ,
      '$_POST[jobtitle]' ,
      '$_POST[workphone]' ,
      '$_POST[extension]' ,
      '$_POST[address]' ,
      '$_POST[city]' ,
      '$_POST[state]' ,
      '$_POST[zip]' ,
      '$_POST[homephone]' ,
      '$_POST[email]' ,
      '$_POST[division]' ,
      '$_POST[judged]' ,
      '$_POST[shirt]',
      '$_POST[mail]',
      '$_POST[AS]' ,
      '$_POST[BE]' ,
      '$_POST[CB]' ,
      '$_POST[CH]' ,
      '$_POST[CS]' ,
      '$_POST[EA]' ,
      '$_POST[EG]' ,
      '$_POST[EV]' ,
      '$_POST[MA]' ,
      '$_POST[ME]' ,
      '$_POST[PH]' ,
      '$_POST[PS]'
      );") 
      or die(mysql_error());  
      //echo "Row inserted!";
} elseif ( $_POST['division'] == "junior" ) {
      mysql_query("INSERT INTO ``.`` (
      `ID` ,
      `Full_Name` ,
      `Gender` ,
      `Degree` ,
      `Retired` ,
      `Organization` ,
      `Job_Title` ,
      `Work_Phone` ,
      `Extension` ,
      `Address` ,
      `City` ,
      `State` ,
      `Zip` ,
      `Home_Phone` ,
      `Email` ,
      `Division` ,
      `Judged` ,
      `Shirt` ,
      `Mail` ,
      `JAS` ,
      `JBE` ,
      `JCB` ,
      `JCH` ,
      `JCS` ,
      `JEA` ,
      `JEG` ,
      `JEV` ,
      `JMA` ,
      `JME` ,
      `JPH` ,
      `JPS`
      )
      VALUES (
      NULL ,
      '$_POST[Full_Name]' ,
      '$_POST[gender]' ,
      '$_POST[degree]' ,
      '$_POST[retired]' ,
      '$_POST[organization]' ,
      '$_POST[jobtitle]' ,
      '$_POST[workphone]' ,
      '$_POST[extension]' ,
      '$_POST[address]' ,
      '$_POST[city]' ,
      '$_POST[state]' ,
      '$_POST[zip]' ,
      '$_POST[homephone]' ,
      '$_POST[email]' ,
      '$_POST[division]' ,
      '$_POST[judged]' ,
      '$_POST[shirt]',
      '$_POST[mail]',
      '$_POST[AS]' ,
      '$_POST[BE]' ,
      '$_POST[CB]' ,
      '$_POST[CH]' ,
      '$_POST[CS]' ,
      '$_POST[EA]' ,
      '$_POST[EG]' ,
      '$_POST[EV]' ,
      '$_POST[MA]' ,
      '$_POST[ME]' ,
      '$_POST[PH]' ,
      '$_POST[PS]'
      );") 
      or die(mysql_error());  
      //echo "Row inserted!";
} elseif ( $_POST['division'] == "senior" ) {
      mysql_query("INSERT INTO ``.`` (
      `ID` ,
      `Full_Name` ,
      `Gender` ,
      `Degree` ,
      `Retired` ,
      `Organization` ,
      `Job_Title` ,
      `Work_Phone` ,
      `Extension` ,
      `Address` ,
      `City` ,
      `State` ,
      `Zip` ,
      `Home_Phone` ,
      `Email` ,
      `Division` ,
      `Judged` ,
      `Shirt` ,
      `Mail` ,
      `SAS` ,
      `SBE` ,
      `SCB` ,
      `SCH` ,
      `SCS` ,
      `SEA` ,
      `SEV` ,
      `SMA` ,
      `SME` ,
      `SPH` ,
      `SPS` ,
      `SBI` ,
      `SEN` ,
      `SEE` ,
      `SEM` ,
      `SMI` ,
      `STE`
      )
      VALUES (
      NULL ,
      '$_POST[Full_Name]' ,
      '$_POST[gender]' ,
      '$_POST[degree]' ,
      '$_POST[retired]' ,
      '$_POST[organization]' ,
      '$_POST[jobtitle]' ,
      '$_POST[workphone]' ,
      '$_POST[extension]' ,
      '$_POST[address]' ,
      '$_POST[city]' ,
      '$_POST[state]' ,
      '$_POST[zip]' ,
      '$_POST[homephone]' ,
      '$_POST[email]' ,
      '$_POST[division]' ,
      '$_POST[judged]' ,
      '$_POST[shirt]',
      '$_POST[mail]',
      '$_POST[AS]' ,
      '$_POST[BE]' ,
      '$_POST[CB]' ,
      '$_POST[CH]' ,
      '$_POST[CS]' ,
      '$_POST[EA]' ,
      '$_POST[EV]' ,
      '$_POST[MA]' ,
      '$_POST[ME]' ,
      '$_POST[PH]' ,
      '$_POST[PS]' ,
      '$_POST[BI]' ,
      '$_POST[EN]' ,
      '$_POST[EE]' ,
      '$_POST[EM]' ,
      '$_POST[MI]' ,
      '$_POST[TE]'
      );") 
      or die(mysql_error());  
      //echo "Row inserted!";
} else {
      $successful = "";
}

  echo "
<h2>Registration for <em> $_POST[Full_Name] </em> has been submitted.</h2>
  <p>You will receive an email at <em> $_POST[email]</em> within a few minutes confirming your registration. If this address is incorrect, or you do not receive this email, please <a href='../contactus.shtml'>contact us</a>.</p>
  
  <p> Some email providers can mark AzSEF email correspondence as spam, thus your confirmation email may end up in the spam or trash folder. <br>
    To ensure delivery please add azsef@aztechcouncil.com to your contact list.</p>
  <p>Thank you</p>
  <p><a href='../feedback.shtml'>Submit a feedback about this registration...</a></p>
  <div align='right'><a href='../onlineregistration101.shtml'>NEXT</a> ><br>
  </div></td>
</tr>
</table>";

$url = 'http://www.mysite.com/page.php?';
$url .= 'email='.urlencode($_POST['email']);
$url .= '&Full_Name='.urlencode($_POST['Full_Name']);
$url .= '&address='.urlencode($_POST['address']);
$url .= '&city='.urlencode($_POST['city']);
$url .= '&state='.urlencode($_POST['state']);
$url .= '&zip='.urlencode($_POST['zip']);
$url .= '&homephone='.urlencode($_POST['homephone']);

function getPage($proxy, $url, $header, $timeout) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, $header);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_PROXY, $proxy);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_REFERER, 'http://mysite.org');
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0. Gecko/2009032609 Firefox/3.0.8');
    $result['EXE'] = curl_exec($ch);
    $result['INF'] = curl_getinfo($ch);
    $result['ERR'] = curl_error($ch);
    curl_close($ch);
    return $result;
}
$result = getPage('', $url, '', 15);
} // end of else (no duplicate registration found)
?>

</td>
</tr>
</table>
<div align="center"><?php include '../virtuals/footer.html' ?></div>
</body>
</html>


Spambot scripts submit data directly to your form processing code and don't really care what you do on your form page.

 

Also, since you are not validating or escaping any of the data being put into your SELECT query (or any of your other queries) to prevent sql injection, someone has probably already listed all the data in your table(s).


So, should I include something like "if name is empty, return an error"? The same for the other required fields?

Use JavaScript validation as an extra visual helper, but never trust JavaScript validation (it can be turned off).

I quickly scrolled through your code and it seems there is no escaping done in the PHP script.

Here is a nice guide which I also still have to master, but the main rule is: trust no one, including your own input in an admin environment. http://phpsec.org/projects/guide/
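One way to do what both replies recommend (a server-side required-field check that runs whether or not the browser executed formCheck(), plus bound parameters instead of interpolating $_POST into SQL), as an added example that is not the original poster's code. It assumes mysqli with placeholder credentials, the Judge_Registrations table and column names taken from the thread's SELECT query, and narrows the INSERT to those columns.

```php
<?php
declare(strict_types=1);
// Added example, not the original poster's code. Assumes a mysqli connection
// (placeholder credentials below) and the Judge_Registrations table from the
// thread's SELECT query; the INSERT is narrowed to the columns that query reads.

// Required fields, mirrored from the JavaScript formCheck() list but using
// the names the form actually posts (Full_Name, not FirstName/LastName).
const REQUIRED_FIELDS = ['Full_Name', 'gender', 'degree', 'address', 'city',
                        'state', 'zip', 'homephone', 'shirt', 'division', 'judged'];

// Values the form offers as radio buttons or <select> options; anything else
// did not come from the form page.
const ALLOWED_VALUES = [
    'gender'   => ['Male', 'Female'],
    'division' => ['elementary', 'junior', 'senior'],
    'judged'   => ['yes', 'no'],
];

/**
 * Returns a list of validation errors; an empty list means the POST is complete.
 * A bot posting straight to judge.php never runs formCheck(), so this server-side
 * check is what actually keeps blank records out of the database.
 */
function validateRegistration(array $post): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        $value = is_string($post[$field] ?? null) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[] = "Missing required field: $field";
        }
    }
    foreach (ALLOWED_VALUES as $field => $values) {
        if (isset($post[$field]) && !in_array($post[$field], $values, true)) {
            $errors[] = "Unexpected value for $field";
        }
    }
    if (!preg_match('/^\d{5}$/', (string)($post['zip'] ?? ''))) {
        $errors[] = 'Zip must be 5 digits';
    }
    if (!preg_match('/^\d{10}$/', (string)($post['homephone'] ?? ''))) {
        $errors[] = 'Home phone must be 10 digits (example 5557779999)';
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid e-mail address';
    }
    return $errors;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

$errors = validateRegistration($_POST);
if ($errors !== []) {
    // Reject before touching the database; nothing blank gets inserted.
    http_response_code(400);
    foreach ($errors as $error) {
        echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
    exit;
}

// Placeholder credentials; replace with the site's own.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$db->set_charset('utf8mb4');

// Duplicate check with a bound parameter instead of interpolating $_POST into SQL.
$stmt = $db->prepare('SELECT 1 FROM Judge_Registrations WHERE Full_Name = ?');
$stmt->bind_param('s', $_POST['Full_Name']);
$stmt->execute();
$stmt->store_result();
$alreadyRegistered = $stmt->num_rows > 0;
$stmt->close();

if ($alreadyRegistered) {
    echo '<h2>ERROR</h2><p>It seems that you are already registered as <em>',
         htmlspecialchars($_POST['Full_Name'], ENT_QUOTES, 'UTF-8'), '</em>.</p>';
    exit;
}

// Insert with bound parameters; the remaining columns follow the same pattern.
$stmt = $db->prepare('INSERT INTO Judge_Registrations (Full_Name, City, State, Zip, Email, Division)
                      VALUES (?, ?, ?, ?, ?, ?)');
$stmt->bind_param('ssssss', $_POST['Full_Name'], $_POST['city'], $_POST['state'],
                  $_POST['zip'], $_POST['email'], $_POST['division']);
$stmt->execute();
$stmt->close();

// Output is escaped as well, so a name containing markup cannot inject HTML.
echo '<h2>Registration for <em>', htmlspecialchars($_POST['Full_Name'], ENT_QUOTES, 'UTF-8'),
     '</em> has been submitted.</h2>';
```

With this in place the JavaScript formCheck() stays purely as a convenience for human users; a direct POST with blank fields gets a 400 and never reaches the INSERT.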

