How to Avoid Bot Spammers in APEX
If you've ever developed a public web application with a form on it you may notice that you may get bot spammers trying to enter information into your application.
There's a simple trick that a friend of mine, Sean Rabey, at Pump Interactive showed me which will help you reject submissions from bots.
Sean suggested that I use an input field and then hide it with CSS. Humans entering data into the form won't see the field and therefore won't enter anything into it. Bots on the other hand may try to fill out this field and can't detect whether or not it's visible in the browser. If your "special" field has data in it you can reject the submission since you know it's not a human entering the data.
Here's an example of how you can do this in APEX. You can view an example here: http://apex.oracle.com/pls/apex/f?p=20195:2900
- Create a "Dummy" item Set "HTML Form Element Attributes" to class="hideMe"
- Configure "hideMe" style Add the following in your application somewhere (or to a CSS file)
- Add validation to catch bot entries Type: Exists Validation Expression 1:
SELECT 1 FROM DUAL WHERE :p2900_dummy IS NULL