User fills up the form and hit submit button and all the variables go to the next page or at the same page to script and script then mails or does something with variables. But what if user did not filled the form and submitted the data and your form did not have validation script and blank data just goes to script or suppose you have used the validation script but there is a bot or any spamming software which reads the fields from your form and doesn’t use form at all but grabs the script destination and post his own data towards the script?
How you can apply a check before the script action that the data is blank or actually from was submitted. Here it is:
The page that contains script lets say mail script should contains this check;
<?php if ($name) // it means if variable name was submitted then proceed ahead { // do something } else { echo "Form was not submitted"; } ?> |
OR
<?php if ($HTTP_POST_VARS) { // process form results } else { // display form } ?> |
OR
<? if ($_POST) { // do something } else { // display form or do not do anything or just echo } ?> |
By these following three checks we can check whether the form and variables are being submitted or some kind of cheating is going on….
if ($name) if ($HTTP_POST_VARS) if ($_POST) |
Check email of sender rather then name, recommend I would. If user is submitting his email via form then it must be genuine submission.
Confirm Form Variables Post Before Script Execution is a post from: PHP Magic Book - Free PHP Scripts, Tutorials and Downloads