How should I validate this email form?

14 replies
I need some kind of validation to make sure the fields contain date, I get a lot of blank emails. Any ideas on how to do that with this form?


<form action="step2.php" method="post">

Name<br/><input type="text" value="" name="username"/> <br/>

Email<br/><input type="text" value="" name="email"/> <br/>

Inquiry<br/><textarea row="7" cols="30" name="inquiry"></textarea><br/>

<input type="submit" value="send your email" name "submit">

</form>
#email #form #validate
  • Profile picture of the author cmaclean
    If you're familiar with PHP, do some validation in 'step2.php'. Here's a very simple example:

    $userName = $_POST['username'];
    $email = $_POST['email'];

    if((trim($userName) == ""))) {
    echo "You must enter a username.";
    }
    elseif((trim($email) == ""))) {
    echo "You must enter an email address.";
    //I would actually check for a valid email address
    }

    If you're not familiar with PHP, use a CAPTCHA if you're receiving spam inquiries.
    The Official CAPTCHA Site

    Services like Wufoo or Machform (a self-hosted form creator) allow you to create forms easily with validation options you can select.
    Wufoo: Wufoo: Online Form Builder - Create Web Forms & Surveys
    Machform: MachForm - PHP HTML Form Builder - Mailer Form Creator
    {{ DiscussionBoard.errors[2540941].message }}
    • Profile picture of the author topfree
      Originally Posted by cmaclean View Post

      If you're familiar with PHP, do some validation in 'step2.php'. Here's a very simple example:
      Here is my current php setup, how should I add that code to it?

      <?php

      $name = $_POST['username'];
      $email = $_POST['email'];
      $text = $_POST['inquiry'];

      //To, Subject, Message, Header
      mail('myemail@somewhere.com', 'Inquiry', $text, 'From: ' . $name . ' <' . $email . '>');

      header('location: step3');
      ?>
      Signature
      {{ DiscussionBoard.errors[2541018].message }}
    • Profile picture of the author lknielsen
      I modified the code you pasted for step2.php, here is a modified version that will validate your form:

      <?php

      $name = $_POST['username'];
      $email = $_POST['email'];
      $text = $_POST['inquiry'];

      //*****Switch to decide whether to show error or move on.
      $validation_switch = "ON";

      //*****Change this value to a custom error message alert.
      $errormessage = "Error\n";

      if((trim($username) == ""))) {
      validation_switch = "OFF";
      $errormessage.= "You must enter a user name.\n";
      }

      if((trim($email) == ""))) {
      validation_switch = "OFF";
      $errormessage.= "You must enter a valid email.\n";
      }

      if((trim($text) == ""))) {
      validation_switch = "OFF";
      $errormessage.= "Please remember to enter your inquiry.\n";
      }

      if($validation_switch == "ON"){

      //To, Subject, Message, Header
      mail('myemail@somewhere.com', 'Inquiry', $text, 'From: ' . $name . ' <' . $email . '>');

      header('location: step3');
      }

      if($validation_switch == "OFF"){
      echo "$errormessage";
      }

      ?>

      I could have used an elseif there, but this makes it more clear.
      {{ DiscussionBoard.errors[2604593].message }}
  • Profile picture of the author bucksuper
    Hello,
    I've used this form validator on quite a few projects. All the instructions are on the following page and it's super easy to use. JavaScript Form Validation : quick and easy!

    If you need any assistance getting it going feel free to get in touch with me.
    Best of luck!
    Signature
    300% Traffic Return check out Trippy Wire Content Exchange! (100% FREE!)
    Trippy Wire Content Exchage Network

    Trippy Wire is looking for partners in these niches niches: Humor, Movies, Gaming, Celebrities, Entertainment, Sports, Food & Drinks, Hot Women, Technology & Transportation.
    {{ DiscussionBoard.errors[2542481].message }}
  • Profile picture of the author mihir
    I have used this really good looking form validation, it looks really cool.

    http://tetlaw.id.au/view/javascript/...eld-validation
    {{ DiscussionBoard.errors[2547908].message }}
  • Profile picture of the author sbglobal123
    THANKS FOR SHARING INFORMATION
    {{ DiscussionBoard.errors[2552807].message }}
    • Profile picture of the author hhunt
      Originally Posted by sbglobal123 View Post

      THANKS FOR SHARING INFORMATION
      Pay attention to CAPS LOCK - they are frowned upon.

      That said, whatever validation you do on client-side, it is a good practice to also validate on the server-side. Scammers will always inject data into your 'step2.php', so make sure you validate it, otherwise you will continue getting blanks and garbage emails.

      Just a thought!
      {{ DiscussionBoard.errors[2558157].message }}
  • Profile picture of the author SteveJohnson
    Just a quick note: do NOT depend on javascript validation. Yes, most users haven't turned off javascript in their browsers - but the bad guys do.

    I could use your email form to broadcast thousands of emails and you wouldn't even know it until your hosting company shut you down.

    Google 'php email injection'; you'll get some ideas of how to sanitize your form data before sending it.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[2558073].message }}
  • Profile picture of the author zeeshi570
    Must use JQuery validation its great.
    {{ DiscussionBoard.errors[2558098].message }}
  • Profile picture of the author Dagobert
    U can try regex.
    in javascript:
    /^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/.test("email address");
    return true or false.
    {{ DiscussionBoard.errors[2587623].message }}
  • Profile picture of the author SteveJohnson
    Sorry, but that's not any kind of validation worth mentioning. It just checks to see if a form field is empty. That's not nearly good enough.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[2605242].message }}
  • Profile picture of the author phpbbxpert
    SteveJohnson is correct..
    None of these examples actually validates anything.

    You need to first strip out any code the user may have entered in any of the fields.
    Then see if the fields are empty, if not --

    Check that the email address is valid using an array of different expression patterns.

    Then make sure that it was actually submitted eg. testing for the following --

    Make sure that it was submitted from your actual script and not hijacked via cURL or other functions and used to spam every email on the internet.

    And I am just winging it, probably missed a check or 2.

    All of these checks need to be done with a server side language eg. PHP

    A really good captcha should be used also unless you want a 1000 bot submissions.

    JavaScript validation is for pretty checks to notify the user they messed up.
    Its not validation by any means.


    If you can't pull off all of these true validations, I suggest hiring someone that can code it properly and secure.
    {{ DiscussionBoard.errors[2605612].message }}
  • Profile picture of the author ryanhall789
    It is difficult to know what of validation that actually is, it is only to know whether a form field is empty or not.
    {{ DiscussionBoard.errors[2673909].message }}

Trending Topics