1 of 1 people found this helpful
Above, the custom field "ChrisTestField" is compared to a defined Event Code "EventCode".
In the flow, you can then email alert if they have successfully registered or not and add them to event registration or not.
This isn't the prettiest implementation, but it would work without needing any coding skills.
We generally do this at the form level. It's a variation of the Confirmation Code pattern.
Check this example (live at MktoForms2 :: Confirmation Code):
You control valid submission of this form by checking the Download Passcode when determining the Thank You/Follow Up URL. The user can't look at the form HTML to grab a correct passcode, because it is only stored on the server (not on the client):
You can have more than one valid download code, which can be a great assist in attribution (give out one download code at each tradeshow, for example).
In the above example, we're redirecting the browser to the asset URL immediately. You can easily switch this up to sending an email w/the URL instead: trigger on a visit to one of the valid Thank You URLs (obvs. you don't want to make those URLs easy to guess -- add a random query string and nobody is going to end up on the Thank You page by accident).
In the end, web form security is up to the server, not the client. And while it would be great if Marketo could recheck validation rules on the server before even allowing the form to post, that's not the way the forms endpoint works. So the next best thing is to use server-side stuff (form-level rules or flow-level rules) to detect and discard invalid post data.