Contact Forms: Verify the Data
Almost every website has a contact form and with good reason. Contact forms are an easy way for your customers to contact you. The visitor to your website can email you directly from your website instead of opening their email program to send you an email. This creates greater flexibility for the site visitor. However, it also creates a better email to you because contact forms, unlike a generic email, allow you to collect specific information, such as a name or email address, from your website visitor.
While there is a lot you want to make sure happens when your website visitors submit a contact form, one very crucial thing you want to ensure is that the data submitted through the form is verified.
In addition to reducing spam (more on that in a minute), verifying the data also ensures that you will get what you expect when somebody fills out the contact form on your website. For example, if you want somebody to enter their name on the form, then you need the contact form code to verify that they did in fact enter in a name prior to sending the email. In the same way, if you want somebody to enter their email address on the form then you need to not only make sure they entered an email address but you also need to make sure that it at least looks like a valid email (for example "fdsafsa" is not a valid email while "info@qwconsulting.com" probably is).
Once you decide which fields are required and which fields need to be checked, the verification code needs to be written. Unfortunately, a lot of websites write the verification code in a way that lets the person submitting the form easily disable it. This would be like a grocery store giving the shopper the ability to change the prices on their merchandise. It just doesn't make sense!
At this point, there are two questions: Why is this? What is the better answer?
Well, there are two ways to write the verification code that checks that the information submitted through your contact form is correct and what you expected to see. The first method uses what is called client side code and the other method uses server side code. Client side code runs the verification in the website visitor's browser, while server side code runs the verification on the server.
Since client side code happens on the website visitor's browser, the website visitor has the option to disable the contact form verification by disabling certain features in their browser. In other words, this means that the website visitor could disable the checks, skip entering in the required information and still submit the form.
Alternatively, server side checks happen on the server, within code that can't be changed by particular browser settings. When the contact form is submitted, the form data is sent to the server, and the server runs the code that verifies the data before the email is sent. As a result, the website visitor can't disable server side checks and therefore will have to enter a name if the name field is required.
Why worry about server side checks? After all, as so many of my clients have said, "Nobody will disable the client side code before submitting my form! Who cares?"
There is some merit to this because the average website user doesn't know how to disable browser settings. However, there are applications written that crawl through websites and exploit these unprotected forms. These so-called robots are then able to submit spam to your contact form because they completely ignore the client side code. A spam robot can't as easily bypass server side code, especially if the server side code is well written. (For more about how to prevent contact form spam, learn about why you need a captcha field.)
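The server side check described above, as an added example that is not code from the original article: a Python function that validates the raw form submission on the server, so it applies whether or not the browser ran any checks. The function name, the "message" field and the length limits are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Deliberately loose: the goal is "looks like an email", not full RFC 5322.
EMAIL_SHAPE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
MAX_LEN = {"name": 100, "email": 254, "message": 5000}  # assumed limits


def validate_contact_form(raw_body: str):
    """Validate a urlencoded POST body on the server.

    Returns (cleaned_fields, errors). The email should only be sent
    when errors is empty.
    """
    parsed = parse_qs(raw_body, keep_blank_values=True)
    cleaned, errors = {}, {}
    for field in ("name", "email", "message"):
        # Take the first value; a missing field is treated like an empty one.
        value = parsed.get(field, [""])[0].strip()
        if not value:
            errors[field] = "required"
        elif len(value) > MAX_LEN[field]:
            errors[field] = "too long"
        else:
            cleaned[field] = value
    if "email" in cleaned and not EMAIL_SHAPE.fullmatch(cleaned["email"]):
        errors["email"] = "does not look like an email address"
        del cleaned["email"]
    return cleaned, errors


# Constructed request bodies. The second and third are what the server
# receives when the browser-side checks are switched off or never run.
GOOD = "name=Pat+Example&email=info%40qwconsulting.com&message=Hello"
NO_NAME = "email=info%40qwconsulting.com&message=Hello"
BAD_EMAIL = "name=Pat&email=fdsafsa&message=Hello"

if __name__ == "__main__":
    for body in (GOOD, NO_NAME, BAD_EMAIL):
        cleaned, errors = validate_contact_form(body)
        print("send email" if not errors else f"reject: {errors}")
```

Client side checks can still be kept for visitor convenience; the server side result is the one that decides whether the email is sent.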
To make sure your contact form is verifying data correctly, and fighting spam as much as possible, contact QW Consulting today.
