Bogus Applicants

[paymatters]

I keep getting complete garbage applications on my website.

We added validation to telephone number fields (they can be blank or must be a number) but still get apps like this:

telephone1: PTAbuwVHmbvhrw
telephone2: GbVzlnSfRMtnzqPt

can anyone explain please!

(consolidate.me.uk)

 

[devolution]

What kind of validation do you have?

Is it Javascript, PHP etc?

Here is some php code:

function check_field2($field_name_2)
{
  if(!preg_match(”/[^0-9\ ]+$/”,$field_name_2))
  return TRUE;
  else
  return FALSE;
}
 
if(!check_field2($your_phone))
{
  echo “Illegal input $your_phone in ‘your_phone’”;
  $error++;
}

 

[paymatters]

Thanks for the reply devolution. Afraid I'm not too technical but validation does stop you submitting the form if you enter text in the phone field. So it does appear to be working.

They must be by-passing the validation somehow? or have an old copy of the website from google cache??

 

[FC Domains]

Because spammers are posting directly to yout PHP form handling program, bypassing your Javascript.
Even putting checks in the PHP won't stop them for long. They'll soon figure out a valid form.

The solutions are complex. Have a read at http://www.mindpalette.com

 

[Jeewhizz]

You could try using the re-captcha facility - worked wonders for one of my sites

 

[stevebrowne]

You need to carry out the same/similar checks in PHP that you are in JavaScript. Some bots and things post directly to your PHP page and don't oad the JS at all, so will not be affected by any client side validation.

 

[paymatters]

Cheers folks look really helpful replies!

 

[retired_member27]

Goggle "Sanitize terms to avoid SQL Injection security risk", basically you need to use server side coding (I use Perl) to check (and sanitise) every single input field from a form that is used to query a database, never rely soley on client side (Javascript) coding.