Prevent Automated Form Submissions With Java Script
By Stephen Bucaro
you can use a submission form to allow your web site visitors communicate with you.
A visitor enters their information into the form, and then they click on the [Submit]
button to the send the information to your email or to an application on your server.
Unfortunately, spammers have robots that search the Web for such forms and when
they find one, they use automated programs to submit thousands of spam.
Webmasters have developed a method to prevent such abuse. You've probably
encountered this method yourself when you tried to submit a form. The form displays
a password that you must type in before you can submit the form. The spammer's
robot cannot read the password because it's not character code, it's an image.
Sometimes the image uses a different font for each character and also has extraneous
lines and marks. This prevents optical character readers from reading the password.
In this article, I'm going to present you with three different examples of using Java
Script to implement this method for your own web form. Each subsequent method
will use greater sophistication to create a graphic image password. You might think
the code for such a feature would be extremely complicated, but it actually turns
out to be amazingly simple.
The first thing that I want to present to you is some basic Java Script code for
extracting data from a form and validating it before submitting the from to the server.
This code is shown below.
if(field.indexOf("bucarotechelp.com") < 0)
var error = 0;
if(MyDomain(form.email.value)) error = 1;
Examine the second function, Validate. It receives the form as an argument.
The first line inside the function creates a variable named error and sets its value to 0.
The second line calls the function MyDomain, passing it the data that the user typed in
the form's email text box, and if MyDomain returns the value true, it sets error
to 1. Below that is an if structure that, if error is 1 displays an Error message box,
or if error is 0 submits the form.
Examine the first function, . It receives the data that the user typed in
the form's email text box, and if it finds the domain name bucarotechelp.com in
the data, it returns true to its calling function, Validate. In other words, if some
fool tries to use my domain name in their email address, they get an error message and the
form is NOT submitted.