Jump to content
Larry Ullman's Book Forums

Recommended Posts

Spammers are sometimes visiting my new website and entering false data in my register.php script. The result is that they don't register and several php error log messages are emailed to me. I get an error message email for each form field that has an undefined index. I would like to know how to stop getting these emails. Here is a copy of a section of the error message email. 


An error occurred in script '/home/strawb15/public_html/examplesite.com/register.php' on line 40: Undefined index: emailArray
[_GET] => Array

[_POST] => Array
[username] => hebirchfijose
[usermail] => aulbachpuid@sohu.com
[userpass] => E970d483-
[usersex] => 1
[userliving] => 16
[bdayy] => 1930
[bdaym] => 3
[bdayd] => 12
[imgcode] =>
[formsubmit] => Y
[submit] => 確定

[_COOKIE] => Array

[_FILES] => Array


[_SERVER] => Array
[CONTENT_TYPE] => application/x-www-form-urlencoded
[DOCUMENT_ROOT] => /home/strawb15/public_html/examplesite.com
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;image/png,image/jpeg,image/*;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => en-us;q=0.7, en;q=0.3
[HTTP_CACHE_CONTROL] => max-age=259200
[HTTP_CONNECTION] => keep-alive
[HTTP_HOST] =>www.examplesite.com
[HTTP_REFERER] =>http://www.examplesite.com/register.php 
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
[HTTP_VIA] => 1.1 117-30-149:55336 (s.r577)
[PATH] => /bin:/usr/bin
[phpRC] => /home/strawb15/public_html
[REMOTE_PORT] => 13417
[REQUEST_URI] => /register.php
[sCRIPT_FILENAME] => /home/strawb15/public_html/examplesite.com/register.php
[sCRIPT_NAME] => /register.php
[sERVER_ADMIN] => webmaster@examplesite.com
[sERVER_NAME] => www.examplesite.com 
[sERVER_PORT] => 80
[php_SELF] => /register.php
[REQUEST_TIME_FLOAT] => 1433928348.53
[REQUEST_TIME] => 1433928348
[argv] => Array

[argc] => 0


Link to comment
Share on other sites

You need to do a couple of things. First, change your validation code to check if values are set so you won't get the undefined index errors. Second, you could add code that catches spammers (specifically bots) and ignores those submissions. A common solution is to include a hidden input that should not have a value, as bots might populate it automatically. Even better is to have an actual input that's hidden via CSS. 

Link to comment
Share on other sites

Hi Larry,

Ok, so as for validation, can you clarify how I would add validation to the following code. And as for code including a hidden input, I am already using that, and I also have an input thats hidden via css. Wonder why that isn't working. My code for that is below too. Please advise me on how to improve if possible. thank you

if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['last_name'])){
$ln = mysqli_real_escape_string($dbc, ($trimmed['last_name']));
} else {
$errors[] = '<p class="error">Please enter your last name</p>';


<p><div class="fielde">Leave this field blank<input type="text" name="idea" size="15" maxlength="50" /></div></p>
<input type="hidden" name="correctsum" value="<?php echo $sum; ?>" />
<p><b>Mathematical Security Question:</b></p><label for="captcha" class="label"><b><?php echo $number1.' + '.$number2.' = '; ?></b></label><input type="text" name="captcha" size="5" value="" /><small> Enter only numbers</small></p>
Link to comment
Share on other sites

It's not clear how your code relates to the error message, but you just, for example, need to add isset($trimmed['last_name']) to your preg_match() line.


For your inputs, you don't show the code that makes use of those, so I can't really speak towards them, but I meant to use a hidden input without a value, whereas yours has a value.

Link to comment
Share on other sites


  • Create New...