Security problem with form and javascript

Hi I'm developing an application with HTML and javascript (jquery), the HTML has a form that later sends an email passing the data by get method.

The email is开发者_JS百科 being sent by php on the server, but until I validated the fields of the form I received mail service notifications with mails undisclosed-recipients:; and all the fields null. My concern is that someone or something is trying to get info. Could anybody help with this.

Note if you need to put my code I can post it but what I want to know is how somebody is passing data null to my php.

You can't rely on javascript alone to do your validation, you MUST validate server side.

You're probably getting visits from bots. Make sure to validate the presence of AND validity of all your fields, and use $_POST instead of $_GET.

Make sure the script that sends the email cannot be accessed by $_GET, meaning by simply typing in the url. If I type in:

http://yoursite.com/contact?email=oops&sendmail=true

It should not be able to send an email, that's why I say to use $_POST. However, if you validate properly it should not be sending you empty values no matter which method you use.

Without server side validation even if you use $_POST,i don't think it makes much difference.Without server side validation one can still post whatever he/she wants to. Any web debugger will reveal where does your page post to and what fields it does.Anyone can create his own page to submit to your server with fields set to values they want.

Based on the information provided, I don't necessarily see a data security risk, however I do see the potential for spam programs to exploit your page and send you thousands of spam messages.