Secure form from being "hacked"

Discussion in 'HTML & Website Design' started by tom_el_camino, Nov 7, 2012.

  1. #1
    Dear all,

    I have a contact form on my portfolio that posts to PHP, and an email is sent with the information left in the form. Normally, if you don't enter all details, you can't continue (you must leave a valid email address etc., otherwise you get an error message).

    Lately, I've been receiving emails from my "contact form" but everything is empty. Is someone trying to hack my website? What can I do to secure my form?

    Here are my HTML, JavaScript and PHP (PS: I added the code in a separate .TXT file, as this forum doesn't see the code as text...):

    HTML:

    [h=2]Contact Me[/h]
    [h=3]Please, leave me a message![/h]
    Hi there! What is your name?
    Leave your email address! (like a sir)
    Tell me, What's on your mind?

    JAVASCRIPT:

        $(document).ready(function(){
            $('#submit-form').click(function(){
                var reg = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
                var names = $('#contact-form [name="contact-names"]').val();
                var email_address = $('#contact-form [name="contact-email"]').val();
                var comment = $.trim($('#contact-form .contact-comment').val());
                var data_html = '';

                // Show or clear the error message for each field
                if(names == ""){
                    $('.name-required').html('Ah, come on, just give me your name.');
                }else{
                    $('.name-required').html('');
                }
                if(email_address == ""){
                    $('.email-required').html('please do leave your REAL email address.. nice try.');
                }else if(reg.test(email_address) == false){
                    $('.email-required').html('Invalid Email Address.');
                }else{
                    $('.email-required').html('');
                }
                if(comment == ""){
                    $('.comment-required').html('Leaving without saying a word? come on...');
                }else{
                    $('.comment-required').html('');
                }

                // Only post when all three fields passed the checks above
                if(comment != "" && names != "" && reg.test(email_address) != false){
                    // URL-encode each value so characters such as & or + survive the POST
                    data_html = "names=" + encodeURIComponent(names) +
                                "&comment=" + encodeURIComponent(comment) +
                                "&email_address=" + encodeURIComponent(email_address);
                    //alert(data_html);
                    $.ajax({
                        type: 'POST',
                        url: 'contact-send.php',
                        data: data_html,
                        success: function(msg){
                            if (msg == 'sent'){
                                $('#success').html('Message sent!');
                                $('#contact-form [name="contact-names"]').val('');
                                $('#contact-form [name="contact-email"]').val('');
                                // selector fixed: was '.contact-commnent'
                                $('#contact-form .contact-comment').val('');
                            }else{
                                $('#success').html('- Mail Error. Please Try Again ! -');
                            }
                        }
                    });
                }
                return false;
            });
        });

    PHP:

    Thanks.
     

    Attached Files:

    tom_el_camino, Nov 7, 2012 IP
  2. Rukbat

    #2
    Try this:
    
    if(names == ""){
        $('.name-required').html('Ah, come on, just give me your name.');
        return false; // stop here so nothing is sent
    }else{
        $('.name-required').html('');
        // no return in this branch, so the remaining checks still run
    }
    if(email_address == ""){
        $('.email-required').html('please do leave your REAL email address.. nice try.');
        return false;
    }
    //etc.
    
    Code (markup):
    Your code will give the user an error message, then send the email.
     
    Rukbat, Nov 7, 2012 IP
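
Browser-side checks do not run when a request is sent straight to contact-send.php, so the script has to repeat them before calling mail(). The following is an added example, not code from either poster and not the contact-send.php missing from post #1; the field names and the 'sent' reply are taken from the jQuery code in post #1, while the recipient address, subject and length limits are assumptions.

```php
<?php
// Added example of server-side checks for contact-send.php (not the poster's file).
// Field names and the 'sent' reply match the jQuery code in post #1.
const RECIPIENT = 'owner@example.com';   // assumption: placeholder address

// Return the trimmed field, or '' when it is missing or not a plain string.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Return the names of the fields that fail validation (empty array = valid).
function contact_errors(string $names, string $email, string $comment): array
{
    $errors = [];
    // A name is a single-line field, so line breaks inside it are rejected.
    if ($names === '' || strlen($names) > 100 || preg_match('/[\r\n]/', $names)) {
        $errors[] = 'names';
    }
    // FILTER_VALIDATE_EMAIL also rejects empty values and embedded line breaks.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email_address';
    }
    if ($comment === '' || strlen($comment) > 5000) {   // assumption: size limit
        $errors[] = 'comment';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    exit('invalid');
}

$names   = field($_POST, 'names');
$email   = field($_POST, 'email_address');
$comment = field($_POST, 'comment');

if (contact_errors($names, $email, $comment) !== []) {
    exit('invalid');   // anything other than 'sent' shows the form's error text
}

// The visitor's address is used in Reply-To only after it passed validation.
$body    = "Name: $names\nEmail: $email\n\n$comment";
$headers = "Reply-To: $email";
echo mail(RECIPIENT, 'Contact form message', $body, $headers) ? 'sent' : 'error';
```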