I have added a piece of code to my php form that apparently should stop (or at least) minimize spam. It doesn't. And since I added it every form that doesn't get filled in says:
form: Array
in my inbox.

Now, I have also added a piece of code that shouldn't send me anything if the email field is empty. If I just hit the submit button, without entering anything, it takes me to a page that says 'Please make sure you fill out the email field correctly' - but it still sends me the empty form (with 'form: Array').

You might notice, I am not too good at this - I was happy and proud that I got it to work at all - but now the spam has become an issue that I have to solve, somehow. Can anyone explain to a blondie where I have gone wrong in my script, please?

<?php

	$to       = 'email@me.se';
	$subject  = 'Form';
	$message  = '';
	$headers  = 'From: ' . $_POST['email'] . "\r\n";
  	$headers .= 'Reply-To: ' . $_POST['email'] . "\r\n";
   	$headers .= 'X-Mailer: PHP/' . phpversion();
	$email    = $_REQUEST['email'] ;

	if(empty($email)) {
     $errors++; //
     echo '<div>Please make sure you fill out the email field correctly</div>';
   }
	foreach($_POST as $Key => $Value)
	{
		$message .= $Key . ": " . $Value . "\n";
	}

	mail($to, $subject, $message, $headers);

 	header('Location: thanks.html');
	
	if(!preg_match('/mozilla|msie|safari|opera/i', $_SERVER['HTTP_USER_AGENT']))
{
    die('You May Not Access This Form Programatically');
}else {
    mail('email@me.se');
}


?>

I have solved the array thing (when I get an empty form it doesn't say 'Array' anymore) but I still can't get the email field to be mandatory... It takes me to te ' fill in correct email address' page but it still sends the form through... Anyone?

Member Avatar for Rhyan

Well, I would propose you the following:

Instead of validating after post and then having the user returned back to the post page for correcting his data, I would recommend you to use both javascript and PHP for validation. Use javascript to validate if fields are empty or they contain correct data (e.g. numbers for phone fields, etc), and on php side do your best for preventing execution of harmful code.
The idea is that javascript will prevent customers from sending empty forms, while php will validate the values and send you the validated content.
To make things better, you can always create your php code to validate against empty fields and wrong data as well, in order to make sure that users, which have disabled javascript are unable to pass wrong data...
Check javascript section for information on how to validate fields in a form.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.