Securing Web Forms

[russellbain]

Hi everyone, this is my first post. I am a complete beginner at web design as I come from a networking background. This last week or two I have been asked to do some work on a website so I thought I'd give it a go. I have been asked to set up a secure web form that will send the contents of the form entered by the user to an email address selected from a drop down menu on the page. I managed to get the form working and sending email but when I added Captcha to the page it seemed to work i.e it checked if the user had enetered the correct number then it would go onto the thank you page but it would not send the email now. The emails were sending fine before I added the Captcha. I did some research into this and found out that because there was echos in my Captcha validation code it was preventing the email from sending. I have been pulling my hair out trying different methods this past week. I was wondering if anyone on here could give me some advice or maybe an alternative way to do this? If it is easier I can post my code.

Thanks in advance guys

[Ryan Fait]

Oh dear, JavaScript is not where you want to be. It's the most unsecure method to send form contents. You need to look into server side programming like PHP (my preference) or ASP.

[ukgeoff]

Write JavaScript to carry out validation at the client end for quickness and convenience for the user but you absolutely MUST do it again at the server side if for no other reason than they might have JavaScript turned 'off'.

Validating at the client side will not effect data in your form fields. However, once you send the data server side for validation and processing, if you return the user to the same page on failed validation, the fields will be empty unless you take steps to create 'sticky data'.

You do this by making the value attribute of a field equal to some php variable (usuming php is your server side scripting language) that has been used in the validation/processing script.