On Fri, 29 Jan 2010, te...@cnysupport.com wrote:
little uncomfortable making the form submit any more complicated than necessary, since the people who use it are generally already stressed, and I'd prefer to not make them decipher swirly letters.
I find that most form-fillers are robots and stupid, and can be easily defeated by inserting a 'hidden' field into the HTML that is invitingly labelled something like 'e-mail' and then have your form handler test whether it is empty. If not, then a robot has generated an input string rather than using your actual form.
Also, if any fields like phone number can reasonably be expected to be all-numeric, make this a test condition, and it will stop the alphabet-soup kinds of random field entry.
If the form is intended to report URL's for your own site, test to make sure any URL *is* one of yours - any other URL, just toss it..... :)
Really, I was just trying to figure out what the point would be for someone to fill out the form with obviously invalid data.
You would be amazed how many different bulletin boards and forums rely on a simple HTML form to post to a message/report to a large list of people. Or the form is for a 'comment' page whose output is visible to all website visitors. Guestbooks are frequent victims of form spam.
- C
