Maths sum for javascript validation on form

Question

Trying to create a very piece of validation to prevent spammers. I want a field with a label saying 'What's 2 + 7?' so the Javascript needs to know the result and pass the validation. I'm struggling to write this, would it be something along the lines of:

var valid = '';
var required =  ' is required';
var sum = $('form #sum').val();

if (sum == '9') {
    valid += '<p>An answer is' + required + '</p>';
}

Answer 1

Client side validation via Javascript is not going to do much to guard against spammers. Most spammers will have bots that don't even parse Javascript.

The only way to do this reliably is to handle it server side.

I would recommend trying something like Recaptcha: http://www.google.com/recaptcha

Answer 2

It is hard to tell exactly what's needed without looking at more code.

A simple question like this may very well work if it is generated server side and it is a lot better for accessibility than captchas. In order to be effective the question and answer should also be randomly selected.

You may chose to include a pre-submit client side validation for usability purposes, but since spam bots ignore JavaScript, it is useless to prevent them, unless you do something really complicated.

A bonus tip off topic: Your JQuery selector is inefficient. When using an id-selector you will never need to include its parent.

Answer 3

Ok so this is not going to answer your question per se but I want to suggest that you don't do this. Creating these spam preventions mechanisms is actually very complicated and your idea isn't really going to work if a spammer really wants to come after your site. I would suggest you look into a service called recaptcha . It is free, easy to set up and the information entered by users is put to use digitizing old books.

Answer 4

As I wrote in comments, you could prevent the bots from posting your data with just a javascript by itself. Let me explain how you could do it:

1. You could set initially the wrong or empty action for your form and later, with the help of javascript, set it to the correct one if the answer on the 'sum' was correct. Or even without the request for 'sum' as most of the spam-bots do not run js.

2. You could insert a hidden field named 'passed' with false initial value of it. Again, based on form interaction, you could set it to true and later check the data from the form (the value of this hidden field) on the server.

3. The last method, which I prefer in most cases, is to encode html code of your form with, for example, base64 and use your javascript to convert it back to HTML code. As soon as bots do not run js, they will not even know that you have a form on the page. The good part here is that you do not have to ask a person to enter something else in the form.

All these methods can be bypassed by a person interested in spamming on your website. He could check the final data sent to the server and create the set of the same requests to your server. That is why you need some server-side support in order to prevent you form even from manually crafted spam requests.