We use cookies to make HubSpot's community a better place. Cookies help to provide a more personalized experience and relevant advertising for you, and web analytics for us. To learn more, and to see a full list of cookies we use, check out our Cookie Policy (baked goods not included).

Allow cookies

New submission on Collected Forms

SOLVE
resoiso
Contributor

‎May 19, 2020 11:54 AM

Contacts added that do not pass form validation. Contacts are being created in HubSpot when a user does not pass all field validation on form. It appears this triggers off the click event and not actually a success event. This leads to form spam data getting added to contacts. This is a standard HTML/JS form with field validation and captcha.
Lead Capture Tools
0 Upvotes
1 Accepted solution

Accepted Solutions
Ben_M
Solution
Key Advisor

‎May 22, 2020 12:52 PM

@resoiso wrote:
@Ben_M,
Thanks for your reply!
I understand that you are suggesting client-side validation, which would definitely work, however, at the cost of form security. It’s pretty easy to break client-side JS validation. Thus, it would still require server-side validation to ensure maximum form processing security. Also, the captcha is processed via Google api so I don’t think that client-side would work either (not 100% on that)
Cheers,
Doug

Not necessarily.  What you need is client side scripting to either validate, or trigger your validation at the time of the event and not after a successful submission.  So that could either mean simple javascript validation, which as you know is not the best, or using AJAX to call your validation script prior to a successful form submission.  If you don't do this the non-Hubspot forms feature will continue to see success because there is success in your submission even though validation is failing.

 

Otherwise, you could use the Hubspot forms code to embed on your site.  Or if you prefer to keep your own form and code in PHP, you could disable the non-Hubspot forms feature, and then rely on your PHP script to only post to Hubspot via the API after a successful validation ( https://developers.hubspot.com/docs/methods/forms/submit_form ).  

View solution in original post

6 Replies 6
JessicaH
HubSpot Alumni
HubSpot Alumni

‎May 22, 2020 6:34 AM

Hi @resoiso,

 

Do you mind sharing more about your current set up and what your end goal is? 

What happened and what would you have expected instead?

 

The more information, screenshot, links and examples you can provide the better the Community can assist!

 

Thanks!

Jess


Wusstest du, dass es auch eine DACH-Community gibt?
Nimm an regionalen Unterhaltungen teil, in dem du deine Spracheinstellungen änderst !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !

resoiso
Contributor

‎May 22, 2020 9:10 AM

Hello @JessicaH,
Certainly, however, the mobile UI does not provide for uploading images to the post for me.
My current setup is an HTML form that posts to a PHP handler. There are fields in the form that are required. For example you must have a comment with at least 10 characters, you must provide email, etc. Upon submit the form is processed for validation errors, an array of errors is created, and if the array has length the email is not sent and errors are displayed to the user describing what needs to be corrected in order to successfully send the email.
HubSpot creates contacts from my form. When someone, or a bot, attempts to send an invalid form, a contact is created in my CRM. I would have expected that a contact would not be created until email successfully sent.
In lieu of a screenshot, you can see the form at https://www.resoiso.com/#contact
If you submit an invalid form you will still creat a contact in HubSpot.
Disabling submit until form validation may be an option, but this is a common UX design to help prevent spam and help legitimate users complete the form correctly.
Thank you for your response,
Doug
0 Upvotes
Ben_M
Key Advisor

‎May 22, 2020 10:12 AM

My current setup is an HTML form that posts to a PHP handler.

That's your issue with why you are seeing submissions in Hubspot even though they may fail your validation.

 

PHP is a server-side pre-processor.  So what is actually happening is this:

 

User submits form --> PHP script processes and sees error --> user page loaded to correct errors.

 

Because of this process both the form, and Hubspot, see a success on the initial form submit. The PHP processor actually loads after the form is submitted as a subsequent action, so while the submission may contains errors in validation, this process still results in a valid form submission by definition. In order to prevent the successful form submission, what you need to do is run some sort of client-side script at the onsubmit/onclick stage of the button so that the validation happens prior to the form submission actually taking place.

resoiso
Contributor

‎May 22, 2020 10:35 AM

@Ben_M,
Thanks for your reply!
I understand that you are suggesting client-side validation, which would definitely work, however, at the cost of form security. It’s pretty easy to break client-side JS validation. Thus, it would still require server-side validation to ensure maximum form processing security. Also, the captcha is processed via Google api so I don’t think that client-side would work either (not 100% on that)
Cheers,
Doug
0 Upvotes
Ben_M
Solution
Key Advisor

‎May 22, 2020 12:52 PM

@resoiso wrote:
@Ben_M,
Thanks for your reply!
I understand that you are suggesting client-side validation, which would definitely work, however, at the cost of form security. It’s pretty easy to break client-side JS validation. Thus, it would still require server-side validation to ensure maximum form processing security. Also, the captcha is processed via Google api so I don’t think that client-side would work either (not 100% on that)
Cheers,
Doug

Not necessarily.  What you need is client side scripting to either validate, or trigger your validation at the time of the event and not after a successful submission.  So that could either mean simple javascript validation, which as you know is not the best, or using AJAX to call your validation script prior to a successful form submission.  If you don't do this the non-Hubspot forms feature will continue to see success because there is success in your submission even though validation is failing.

 

Otherwise, you could use the Hubspot forms code to embed on your site.  Or if you prefer to keep your own form and code in PHP, you could disable the non-Hubspot forms feature, and then rely on your PHP script to only post to Hubspot via the API after a successful validation ( https://developers.hubspot.com/docs/methods/forms/submit_form ).  

View solution in original post

resoiso
Contributor

‎May 22, 2020 1:14 PM

@Ben_M,
Thanks for pointing me to the API!
This brought up another thought, could I disable the non-HubSpot form and then bcc in the server-side handler?
Doug
0 Upvotes
New submission on Collected Forms
Marketing
May 22, 2020