website security - blank forms
I'm new to programming. I have 2 sites with php forms.
1. On the first one, I get blank forms emailed to me (and also entered in my mysql database) even though there is validation on most of the fields (no blank fields allowed). What can I do to stop this.
2. The second site is more disturbing since the code for the form is not even online yet but I still get blank forms. I am just testing it but it's in the directory where all the other files are. How can bots get to it if it isn't online?
I would rather not use captcha. I have put a robots.txt file on both sites disallowing the *.php files.
Thanks for any help. I really need it.