
How do I configure the form validation to only accept letters for firstname and lastname?

New Here, Apr 19, 2017


I'm working in Dreamweaver CS6 and have a question in regards to the form validation. I already have a hidden input field in place and with the coding in my formmail script it has stopped spam over the years. At the moment however, I'm getting spam where the firstname and lastname fields present with a mixture of numbers and letters. This spam seems to be only targeting my "Required" fields. Is there a way to specify that the name fields type:text be only letters a to z?

The form validation at the moment is:

<script type="text/javascript">
<!--
// Dreamweaver-generated validator. Arguments are read in groups of three:
// the element id (args[i]), an unused value, and the test string (args[i+2]).
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,val,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
    } if (errors) alert('The following error(s) occurred:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>

If anyone can help it's greatly appreciated.


Correct answer

Guru, Apr 19, 2017


You are using machine-generated JavaScript validation. I use PHP validation, not JavaScript, and the generated code is not human friendly, so I would not try to modify that function (but I will provide a solution). Do you understand what I mean? People write code that is easy to understand and modify by other people. That code isn't written with that objective.

Validation can happen on the form, after the form has been submitted, or both. I will provide a solution that happens on the form.

Remember that names may contain more than just alphabetical characters. They may contain dashes, apostrophes, empty spaces, accented characters and non-Latin characters like umlaut (Klein-Smith, O'brien, Del Oro, Züm).

The following example uses a regular expression to match the name. Note that it explicitly includes accented characters for European languages, but it would reject names using, for instance, Vietnamese characters. It will not allow a name with more than 80 characters. This solution requires the HTML5 doctype. It will not work with XHTML or HTML4.

<input type='text' name='lastname' id='lastname' pattern="[A-Za-zéèàùâêîôûçëïüæœÀÂÆÉÈÊËÏÎÔŒÙÛÜŸ'\s\-]{1,80}" title='Some characters may be rejected'/>

An alternative method would be to explicitly reject certain characters, such as <>?*&%. Read up on regular expressions if you want to explore that option.

LEGEND, Apr 19, 2017


For client-side form validation, use the HTML5 doctype and HTML5 form elements, as these have built-in client-side form validation (it just requires you to say what). See:

https://developer.mozilla.org/en-US/docs/Learn/HTML/Forms/Form_validation

You must use server side validation also.

New Here, Apr 20, 2017


Thank you for your information Rob, greatly appreciated.


I was wrong, it’s not targeting ‘required’ fields. The spam bot is only filling in last_name, first_name and email. These are required, however I have the enquiry field (textfield) as a required field as well and it’s left out.

I added your code and even though it won’t let me enter numbers and submit the form (...it works for users), the spam bot is still getting through.

This is one of them:

Subject: Enquiry_form1
email: mike@infocapsys.com
realname:
first_name: 58f90f011a573
last_name: 58f90f011a5b5
submit: Submit
reset: Reset

I'm using tectite formmail and have set a few conditions to stop spam. As mentioned above it has worked over the years. Someone mentioned adding a form check function that you can call on the submit button to check the time taken to submit.

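var timeStart; // time of the visitor's first interaction with any input

// Bind once the page has loaded, so the inputs exist when the handler is attached.
$(function () {
  $("input").bind('click keyup', function () {
    if (!timeStart) timeStart = new Date().getTime();
  });
});

function formCheck(){
  // Seconds between the first interaction and the submit attempt.
  var timediff = Math.round((new Date().getTime() - timeStart)/1000);
  if (!timeStart || timediff < 3) {
    //throw a warning or don't submit the form
  }
  else submit(); // some submit function
}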

Do you think something like this will work Rob? When the bot is filling in the form errors arise, however the form is still sent, so I'm assuming that this time check is independent of the form and should work. My site is html5. If you think it will work do I place it in the <head> section (does it need to be read before the form on the page), or at the base of the page? Also where they have - //throw a warning or don't submit the form... is there some code I need to place here to have it not submit the form?

Thanks so much Rob for your advice.

Kim

New Here, Apr 20, 2017


Hi Rob and Pziecina,

Tectite.com have sent through a php file to upload with my existing tectite formmail php, which targets the issue. They're calling it the hexadecimal attack and have a solution you can download here - look under tweet - "Getting spam with "58" at the start of the name field?" Russell Robinson (@tectitecom) | Twitter.

My client hasn't mentioned any more spam, so we'll see how it goes.

Thanks again for all your advice.

Cheers,

kim

Guru, Apr 20, 2017


I use a honeypot field on forms, and that has worked very well. On the actual form I usually only make the email field the email type, then let PHP do the real work of validation and sanitation on the POST array.

In your case, since you are getting numbers in the name field, it's easy to find out if there are numbers in the field and then reject submissions that contain them. preg_match() could be used for this, or strpbrk(). The function from Russell Robinson probably works in a similar way.

PHP has a set of filter functions for handling form data. https://www.w3schools.com/php/php_ref_filter.asp

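The server-side check recommended in the replies above, as an added example (not code from the thread or from Tectite FormMail): it validates the POST array in PHP with preg_match() and filter_var(), because a client that posts straight to the script never runs the browser's pattern check. The honeypot field name `website` and the function names are assumptions, and the name rule goes beyond a digit check by accepting letters of any script.

```php
<?php
// Added example; not part of Tectite FormMail or the thread's code.
// first_name, last_name and email are the field names shown in the thread;
// "website" is a hypothetical honeypot field hidden from human visitors.

// Return a POST field as a trimmed string. Arrays (first_name[]=x) and
// missing fields become '' so they fail validation instead of being cast.
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Return the names of the fields that failed; an empty array means accept.
function validate_enquiry(array $post): array
{
    $errors = [];
    // Honeypot: a human never sees this field, so any value means a bot.
    if (isset($post['website']) && $post['website'] !== '') {
        $errors[] = 'honeypot';
    }
    // Names: letters of any script, combining marks, spaces, apostrophes
    // and hyphens, 1 to 80 characters. Digits are rejected.
    foreach (['first_name', 'last_name'] as $name) {
        if (preg_match("/^[\\p{L}\\p{M}' -]{1,80}\\z/u", field($post, $name)) !== 1) {
            $errors[] = $name;
        }
    }
    // E-mail: syntax check with PHP's filter extension.
    if (filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    return $errors;
}

// Constructed sample submissions; the bot's name values are those quoted in
// the thread, the e-mail addresses are placeholders.
$samples = [
    'bot'   => ['first_name' => '58f90f011a573', 'last_name' => '58f90f011a5b5',
                'email' => 'bot@example.com'],
    'human' => ['first_name' => 'Züm', 'last_name' => 'Klein-Smith',
                'email' => 'kim@example.com'],
];
foreach ($samples as $label => $post) {
    $errors = validate_enquiry($post);
    echo $label, ': ', $errors ? 'rejected: ' . implode(', ', $errors) : 'accepted', "\n";
}
```

Run the check before the mail is sent and drop the submission when the returned array is not empty.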