Follow up Form Validation
On February 26, I wrote an article that included answering a question from a user.
The question was about merging Form Validator and PHPMailer-FE.
I use Form Validator extensively. Every form ever implemented by me (individually) or my company used Form Validator.
It's 2024, and collecting information from your website users is riskier today than ever. No one will ever reach a point where security is 100% ... but you can get close.
By the way, hackers seek out website forms because that is the easiest entry point to your web host and your server. If you have any type of database for user logins and registrations, that's at risk. If not, hackers will access your web forms to use your email transportation to deliver emails to their own mailing list, with their own message. That message, the payload, is often a scam to get the mail recipients to part with their money - and send it to the hacker. Even if you don't have a database, they can still hack into the internals of the web server and access your mail account and contacts.
There are many options available to help protect your forms from hackers and spammers.
Let's discuss these. You can use real-time protection with JavaScript (or JavaScript frameworks like jQuery). These are front-end solutions, in that they run in the browser. They are designed to track the user's input as part of the form submission process.
Another "front-end" strategy is to capitalize on recent developments in HTML. HTML5 includes some security features where you can limit or target the data that users submit through the form.
All of the JavaScript solutions and all of the HTML5 solutions can be easily bypassed. Because they run in the browser, hackers (even with basic skills) can sidestep them and submit whatever data they like.
The only technology that hackers can't easily defeat is server-based security. That's why I use Form Validator. It runs on the server after the user submits the form and processes the data submitted in an environment that can't be manipulated by hackers or spammers. Form Validator has a special feature too ... if the form fails validation (for whatever reason), all of the submitted data is returned back to the user's browser and populates back into the form for "fixing" and resubmission. That way you don't frustrate legitimate users that may have just made a simple mistake. They do not have to re-enter data.
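The server-side re-check and form repopulation described above, as an added PHP example. It is not Form Validator's code or API; the function names, field names and length limits are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Hypothetical helpers, not Form Validator's API.

/** Validate a contact form on the server. Returns [errors, clean values]. */
function validate_contact_form(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['name', 'email', 'message'] as $field) {
        // A client can send arrays or omit fields entirely; accept strings only.
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    // Values that end up in mail headers must not contain CR or LF,
    // otherwise the form can be used to add recipients or headers.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field]) === 1) {
            $errors[$field] = 'Line breaks are not allowed.';
        }
    }
    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors['name'] ??= 'Name is required (max 100 bytes).';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] ??= 'Enter a valid email address.';
    }
    if ($clean['message'] === '' || strlen($clean['message']) > 5000) {
        $errors['message'] = 'Message is required (max 5000 bytes).';
    }
    return [$errors, $clean];
}

/** Escape a submitted value before echoing it back into the form. */
function field_value(array $clean, string $field): string
{
    return htmlspecialchars($clean[$field] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission, sent without going through the browser checks.
$sample = [
    'name'    => 'Alice "Al" Example',
    'email'   => "alice@example.com\r\nBcc: someone@example.net",
    'message' => '',
];
[$errors, $clean] = validate_contact_form($sample);
if ($errors !== []) {
    // Failed validation: hand the data back, escaped, so the user can fix it.
    printf("<input name=\"name\" value=\"%s\">\n", field_value($clean, 'name'));
    print_r($errors); // 'email' and 'message' carry error messages here
}
```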
Back to how this article started, this is a follow up to the original article. The premise, I suppose, of the original question was to ask about putting Form Validator together with the email transportation (PHPMailer-FE). Quite frankly, I had never thought about it before ... never, ever, have I used Form Validator without an email transport. It actually makes sense to have both of these as one single product. There are efficiencies of scale in this. One class load, two distinct processes. Actually, three distinct processes ... PHPMailer-FE can also act as an auto-responder.
PHPMailer-FE has always had basic auto-responder functionality. Auto-responder means that you are sending some sort of response back to the original form submitter. It's usually to let them know that you have received their data and are taking steps to respond.
There are also more elaborate auto-responders ... for example, online course designers use auto-responders to both instruct and test users on a specific class. If they pass, the auto-responder advises them of the pass (or fail) and forwards them the next lesson. All by email.
I had recently added extra functionality to PHPMailer-FE to move more in the custom auto-responder direction -- however, I've stopped that while pondering the possibility of merging Form Validator and PHPMailer-FE.
Here's an update: we are going ahead and building PHPMailer-FVE. FVE = Form Validator and Email. The new features are exciting. I write this after finishing the last of the coding. I have now tested the full circle of completing a website form, evaluating the data and sending the email with the form data to the website administrator, and then sending a full HTML email back to the original form submitter. Not just basic HTML ... but an extra-complicated HTML message with multiple embedded graphics and complex layout.
What is exciting about this is that it was fast, incredibly fast. It displayed properly in webmail and also displayed properly in Outlook.
Can't wait to do more testing and release this.