0

My website form is getting hammered with spam. I have noticed in the "Phone" field the spam bots always insert text rather that a number so I would like to add an if statement to the php mailer blocking the email if the phone field doesn't contain any of the following:

1) I want users to be able to leave the field blank, so empty field must be accepted.

2) Must contain "numbers" or "plus sign" or "spaces"

How would I write this in PHP?

Any help is appreciated

EDIT: Just though lol it would be much easier to just check if the field contains alphabetical characters. How would I do this?

EDIT2: Sorted. I used "if (ctype_alpha ($phone) !== false)"

Chris
  • 431
  • 5
  • 11
  • 18
  • 3
    You can write something like this in a couple thousand different ways. What have you tried so far? – Sverri M. Olsen Oct 20 '14 at 07:35
  • why not a captcha or "what colour is grass?" kind of thing? – jimmy Oct 20 '14 at 07:36
  • possible duplicate of [How to check if a string contains specific words?](http://stackoverflow.com/questions/4366730/how-to-check-if-a-string-contains-specific-words) – BMN Oct 20 '14 at 07:41
  • @ Sverri - my knowledge of PHP is poor so nothing as yet – Chris Oct 20 '14 at 07:48
  • @jimmy - Captcha are just plain annoying. I want it to be as easy as possible to fill out the form – Chris Oct 20 '14 at 07:49
  • @YellowBird - No, I don't want to check if it contains a specific string, I want to check if contains any alphabetical characters at all – Chris Oct 20 '14 at 07:50
  • Could I use "if (ctype_alpha ($phone) !== false)"? – Chris Oct 20 '14 at 07:56
  • Use a 'php validation library' (internet search) that already ha a lot of the standard tests that you can use. One such is: [valitron-the-simple-validation-library](http://vancelucas.com/blog/valitron-the-simple-validation-library-that-doesnt-suck/). – Ryan Vincent Oct 20 '14 at 07:58
  • you could run `str_replace` to strip out the spaces and pluses, and then run `is_numeric` to see if only numbers are left. – jimmy Oct 20 '14 at 07:59
  • possible duplicate of [A comprehensive regex for phone number validation](http://stackoverflow.com/questions/123559/a-comprehensive-regex-for-phone-number-validation) – andy Oct 20 '14 at 08:04
  • Grab the regular expressions from the jquery val plugin, they're pretty well tested: https://github.com/jzaefferer/jquery-validation/tree/master/src/additional - there's a few number varieties for different nations – Luke Oct 20 '14 at 08:04
  • @Chris Why do you specifically require a number? Phone fields are always text because the digits in a phone number in no way represents a numerical value (one that is to be done calculations on). – Alternatex Oct 20 '14 at 08:04

2 Answers2

0

Regular expressions are probably the best way, although not necessarily the easiest to understand at first. But regular expressions are definitely a good thing to learn if you are not familiar with them. My favorite introduction is this site: http://www.zytrax.com/tech/web/regex.htm And this is a good site for interactively building a regex and seeing how it works in realtime: http://www.regexr.com/ I'm sure there are plenty of other similar sites but those are the two I always go back to.

If you search around for a regular expression solution you will find countless possibilities and variations. My personal advice is to keep it simple. I would start with considering how you store the phone number data. I usually just keep the numbers, so I would simplify it by first removing those "allowed" characters and then checking if what's left over is just numbers.

$phone = str_replace(Array('+', ' ', '(', ')'), '', $phone);

That will replace all pluses, spaces, and parentheses with an empty string (i.e. remove them). Then you can check if the string is numeric, and if it is store it, otherwise print/return an error.

if (!is_numeric($phone))
    // stop processing and output an error
phansen
  • 411
  • 3
  • 7
  • Surely the "if (ctype_alpha ($phone) !== false)" example is more simple? Remember the point of this is to stop the spam form submissions I have been receiving – Chris Oct 20 '14 at 08:08
  • Yep as a quick check to prevent your spam problem it should be fine. As Sverri M. Olsen said in the original comment, there are numerous ways to go about it. – phansen Oct 20 '14 at 08:14
-1

First of all You must use some spamblock for example: token, honey pot, captcha etc.

In my country mobile or local phone number contains only 9digits without country code which is +XX. So i create INT(10) field in db. After submit form remove everything without digits.

For example:

$phoneNumber = (int) substr( preg_replace( '#[^\d]+#', '', $_POST['phone_numer'] ), 0, 9 );

In many project allways works.

trzyeM-
  • 923
  • 8
  • 10
  • There is no relation between a 9-digit number and a `INT(9)` database field. The former has to do with the length of a 9-digit string, and the latter has to do with how many bytes are used when storing an integer (and hence how big the number can be). Also, your regular expression does not do what the questioner wants. Read the question properly before answering. – Sverri M. Olsen Oct 20 '14 at 10:23
  • Yes i know, 9 in parenthesis was typo. I thought about 9 digits in phone number and write it in field. – trzyeM- Oct 20 '14 at 10:27