Foundation
Form validation / character removal

I have two questions about my form: how do I prevent the form from sending empty non-required fields, and how do I prevent the form from sending harmful characters to my server?

$("#myForm").on('valid', function(e){
    e.preventDefault();
    var name = $("input#name").val();
    var email = $("input#email").val();
    var phone = $("input#phone").val();
    var message = $("textarea#message").val();
    $.ajax({
        type: "POST",
        url: "bin/mail.php",
        // Pass an object so jQuery URL-encodes each value; concatenating the raw
        // values into a query string breaks as soon as a field contains '&' or '='.
        data: { name: name, email: email, phone: phone, message: message },
        success: function(){
            $(".contactform").html("<div id='thanks'></div>");
            $('#thanks').html("<h1 class='text-center form_submit_text'>Thanks</h1>")
                // Insert the name with .text() rather than HTML concatenation so
                // markup typed into the field is not rendered (the original also
                // opened an <h2> and closed it with </p>).
                .append($("<h2 class='text-center form_submit_text'></h2>")
                    .text("Hi " + name + ", we will contact you soon"))
                .hide()
                .fadeIn(1500);
        }
    });
    return false;
});

<?php
$name = $_POST["name"];
$email = $_POST["email"];
$phone = $_POST["phone"];
$message = $_POST["message"];
$msg = "
Name:$name
Email:$email
Phone:$phone
Comment:
$message";
function checkInput($msg) {
    $msg = @strip_tags($msg);
    $msg = @stripslashes($msg);
    $invalid_characters = array("$", "%", "#", "<", ">", "|");
    $msg = str_replace($invalid_characters, "", $msg);
    return $msg;
}
$to = "@gmail.com";
$subject = "";
// checkInput() was defined but never called, so the filter had no effect on $msg.
$message = checkInput($msg);
// mail()'s fourth argument holds additional header lines such as "From: ...";
// a bare subject-like string is not a valid header.
$headers = "Contact form enquiry";
mail($to,$subject,$message,$headers);
?>

Tags: PHP, jquery, form

Geoff Kimball over 5 years ago

If you don't want to send empty fields from your JavaScript to your server, you would need to check the value of each input field and see if it's empty. If the input field is a string, you can check to see if its length is 0 characters:

string.length === 0

However, I would suggest sending every field, even if they're empty. There's no real harm in it, and either way you're going to have to check for the same variables in your PHP, so you would just be checking for their existence twice. To check for an empty string in PHP, use:

empty($string) === true

As for PHP security, it's a bit outside the scope of this forum, but there are lots of great resources on the Internet about writing code to securely deal with user input for forms, databases, emails, etc. Here's one on email security to get you started:
http://www.damonkohler.com/2008/12/email-injection.html
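A server-side version of the checks this answer describes (required-field check with every field sent, plus the email-injection guard from the linked article), written as an added example rather than code from the question or the answer. It assumes the same four field names as the form above; the two addresses and the JSON response shape are placeholders of mine.

```php
<?php
// Added example, not the poster's mail.php: a server-side handler for the same form
// (fields name, email, phone, message). The two addresses are placeholders.
const MAIL_TO   = 'you@example.com';      // placeholder recipient
const MAIL_FROM = 'noreply@example.com';  // placeholder sender

$required = ['name', 'email', 'message'];   // must be non-empty
$optional = ['phone'];                      // may arrive empty, as the answer suggests

function readField(string $key): string {
    // Accept only a scalar string (name[]=x would arrive as an array); trim so
    // whitespace-only input counts as empty.
    return is_string($_POST[$key] ?? null) ? trim($_POST[$key]) : '';
}

function validate(array $fields, array $required): array {
    $errors = [];
    foreach ($required as $key) {
        if ($fields[$key] === '') {
            $errors[] = "$key is required";
        }
    }
    if ($fields['email'] !== '' && filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    // Email injection defence: a value that ends up in a mail header must never contain
    // CR or LF, otherwise the sender can append headers such as Bcc: to the message.
    if (preg_match('/[\r\n]/', $fields['email'])) {
        $errors[] = 'email contains line breaks';
    }
    return $errors;
}

$fields = [];
foreach (array_merge($required, $optional) as $key) {
    $fields[$key] = readField($key);
}
header('Content-Type: application/json');
$errors = validate($fields, $required);
if ($errors !== []) {
    http_response_code(400);
    echo json_encode(['errors' => $errors]);
    exit;
}

// User input goes into the body as plain text only; the one header built from input
// is Reply-To, using the address that was just validated.
$body = "Name: {$fields['name']}\nEmail: {$fields['email']}\nPhone: {$fields['phone']}\n\n"
      . "Comment:\n{$fields['message']}\n";
$headers = 'From: ' . MAIL_FROM . "\r\nReply-To: {$fields['email']}\r\n";
echo json_encode(['ok' => mail(MAIL_TO, 'Contact form enquiry', $body, $headers)]);
```

The client can keep sending every field, empty or not; the server decides which ones are required and rejects the request with a 400 and a list of errors before anything reaches mail().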