Stop form from submitting empty fields

All Topics → Question → Stop form from submitting empty fields

ezoehunt
September 19, 2012 at 10:43 pm
Tags: form security, form submission

Hi,

A few final questions about my project. I have a form with quite a few fields that are optional. If user doesn’t fill them in, the form still submits them and creates empty custom fields in the database.

To be clear, I’m not asking about the display issue – I’ve got that covered. What I’m hoping for is a way to stop the form from inserting the key/value pair when the value is empty. Is this possible?

Also a general question about form security. I’ve added some validation relevant to what I’m asking users for. But am not clear on what validation is built-in to FRM and/or to the WP processes you’re using. Does FRM do any checking, or is that up to each developer to do that?

I’m not an expert on validation and security, so I don’t know what to ask here. Basically I’m asking how safe FRM forms are for accepting user generated content. Thanks.

Steph Moderator
September 20, 2012 at 12:09 pm

Maybe we could make a small change to prevent empty custom fields from being created. This is untested, so maybe you could try it out? Please open formidable/pro/classes/models/FrmProEntry.php and go to line 321ish.
update_post_meta($post_ID, $post_data[1], $value);

Change this line to:

if($value == '')
    delete_post_meta($post_ID, $post_data[1]);
else
    update_post_meta($post_ID, $post_data[1], $value);

I'm not really sure what you mean with your validation question.

ezoehunt
September 24, 2012 at 5:16 am

In my file I don't see the line you're referring to. In FrmProEntry.php, at line 331 I see this:

update_post_meta( $post_ID, '_edit_last', $user_ID );

Is that what I should change?

My other question was about security. I was asking if you do any sanitizing, etc on the data before inserting it? Or does WP do that? Or do I have to do that myself?

Thanks.

Steph Moderator
September 24, 2012 at 9:50 am

No, find the line
update_post_meta($post_ID, $post_data[1], $value);

ezoehunt
September 24, 2012 at 10:16 am

That line does not exist in the FrmProEntry.php file. I have searched for it and it is not there.

Steph Moderator
September 24, 2012 at 10:21 am

It's line 321 in v1.6.5, and is exactly this:
update_post_meta($post_ID, $post_data[1], maybe_serialize($value));

ezoehunt
September 24, 2012 at 11:14 am

Got it. Will try that. Thanks!

Topic closed.

Stop form from submitting empty fields

Help Desk Categories

Login

Navigation

What people are saying

From the Blog