Some questions about form functionality

Hi,

I've done contact forms before, but I still feel very uncomfortable with them, especially if there's a lot of PHP involved. I'm want to get to a point where I can make the ultimate contact form with clean coding (and not use a 3rd party solution), and just use that for every website I make.

Here are my questions:

1. How do you make validation on the same page?

Previously, I've set the form action to "validate.php" and the validation, error, and thank you messages would appear on the next page. However, I am also using a form built by wufoo.com, and when you send a message with their form, it will validate and say "thank you" on the <div> itself, without refreshing the page!

2. What's the best form of spam protection?

Ok, captcha is effective, but is just a really big turn off for people and I'm sure alienates a lot of people with poor close-range sight. I can't say that it's a valid option. I've also seen math problems. I've heard of the honeypot method (invisible fields). And my favorite actually, is a 3rd party solution, where you click on a certain picture to serve as a "submit" button (you can see it in action here). Anyway, what do you think is the most effective?

3. Anything else?

Anything else that a fundamentally-sound form should have?

Thanks.

-RON

1. On a simple form, use JavaScript validation... The more complex the form or the data that you are looking to collect... You may want to do some server side scripting validation where you can use Regex filters to determine if the data is in the proper format.

If you're going to be putting the data in a DB, then server side validation and filters to strip out all but algal numeric characters should be good.

2. I've been experimenting with using a hidden CSS text area for spam filtering... Catches 100% of spam bot submissions... Cause they never load the page... And they always enter their garbage in the hidden text area, that any browser is will not display... Ok... Maybe not ie 6 and before... But I use other methods to disable stuff for ie6 ( won't go into that )...

Captcha will not stop human spammers.... Nothing will stop human spammers... But those are few and far between... I've removed the captcha from about all of my client sites opting for the hidden text area ( hidden with CSS ). Spam rates have not gone up...

I use processing on the server side once a spam bot submission is made... Send those to only me... All others to to where the client wants then to go.

I also use an ip filtering system... IP address lookup... If they hit my crawler trap, automatically added to list... 2 spam bit submissions through the contact form, they are added to the list... I remove that ip after 6 months if it's not from china or Russia... If they are.. I leave them in.


3. Use JavaScript to disable or hide the submit button until all required fields are filled in.

Just my way...

Webzarus,

Thanks. That validation process was really bugging me. I am just finishing my 2nd landing page and have a front-end and back-end validation, using Jquery Validation Plugin (what a great find!) and PHP/REGEX. I feel good about my form now. Also, I feel as though it'd be difficult to create a well-validated form without both front and back end validation.

I went with the honeypot method for now. I suppose I could spend more time learning about spam protection and trying to do the things you described, but it seems really complicated and not fun to read about. Prefer to learn more about other things if I'm going to learn stuff.

-R

Get the hang of PHP first. Then learn about JavaScript and AJAX. Then you'll be able to create forms like this no problemo!

I tried to make a simple form like the one you requested. It gives the error on the same page ( contact.php ). Copy the code and name the file to 'contact.php'.
Here is the code:

PHP Code:

---

<?php

    if (isset($_POST['contact_name']) && isset($_POST['contact_email']) && isset($_POST['contact_text']) && isset($_POST['contact_number']) && isset($_POST['contact_address']))
    {
        $contact_name = $_POST['contact_name'];
        $contact_email = $_POST['contact_email'];
        $contact_text = $_POST['contact_text'];
        $contact_number = $_POST['contact_number'];
        $contact_address = $_POST['contact_address'];

        if(!empty($contact_name) && !empty($contact_email) && !empty($contact_text) && !empty($contact_number) && !empty($contact_address)){
            $to = 'someone@webdomainname.com';
            $subject = 'Contact Form Fillup Mail';
            $body = $contact_name."\n".$contact_number."\n".$contact_address."\n".$contact_text;
            $headers = 'From: '.$contact_email;

            if(@mail($to,$subject,$body,$headers)){
                echo 'Thanks for contacting us, We will be in touch.';
            }
            else{
                echo 'Sorry, an error occurred';
            }
        }
        else{
            echo 'All fields are required.';
        }
    }
?>

<form action="contact.php" method="POST">
    Name:<br><input type="text" name="contact_name"><br><br>
    Email address:<br><input type="text" name="contact_email"><br><br>
    Phone number:<br><input type="text" name="contact_number"><br><br>
    Address:<br>
    <textarea name="contact_address" rows="2" cols="30"></textarea><br><br>
    Message:<br>
    <textarea name="contact_text" rows="6" cols="30"></textarea><br><br>
    <input type="submit" value="Send">
</form>

---

If you have any queries, please revert back. Also, I am new in PHP too, so I am open to any sort of 'fixing' that this form requires.

PS: Do change the '$to' variable's input from 'someone@webdomainname.com' to the email address you want for THAT server. Don't use Hotmail or Yahoo mail emails, because it will show SMTP error. Though I have used '@' before 'mail function' which will not print the 'default' error (if it happens), it will just show 'Sorry, an error occurred'.