

Pop-down Menu formmail- blank option


Bacchus1

12:42 am on Sep 29, 2006 (gmt 0)

10+ Year Member



I have a pop-down menu in my form mail, and I wanted to make the first option blank, to force the submitter to actually choose one of the options from the list. If the blank option is chosen, then the submitter would be told it is a required field and they would have to try again. This way, if I make it required, it will be harder for spammers to submit to my site.

Cheers!

perl_diver

3:39 am on Sep 29, 2006 (gmt 0)

10+ Year Member



check to see if the variable that stores the form field has a value. If not, print the message about the required field missing.

# Reject the submission when the menu field is empty (the blank first option was left selected).
if ($form_field eq '') {
    print "You need to select something";
}

rocknbil

5:32 pm on Sep 29, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This way, if I make it required, it will be harder for spammers to submit to my site.

Welcome aboard Bacchus1, but in reality, this won't stop them at all.

I have logs for all data sent to any web forms. This is different than web logs or mail logs in that it logs the data input. What I've gathered over the years by reviewing the data sent to the logs is that the programs they are using "test" the form fields by sending the data directly to the form processor (i.e., your script) until a) the required fields are fulfilled and b) a field is found that directly inputs data into the mail header, specifically the to, from, or subject field.

Here's what can happen: suppose I just send garbage to all the required fields, and if I know which form field correlates with one of the mail header fields, I can send a binary input stream to it that includes a newline. After a newline, I populate it with hundreds of email addresses.

For example, if I violate the "send to" email field I can do this:

To: xyz@hacked.com(binary newline here)
bcc:abc@cdd.com,def@ghi.com,jkl@mnop.com......

So even if you get CC'ed on this, the BCC can be populated with a thousand spam addresses, and you'd never know.

Unless you log your data.

To effectively stop or at least slow down abuse of your form processors, the answer lies in screening your data input, as it always has. A check for a blank string is a start, but required fields are only a tip of the iceberg. I found it's easier to just reject everything except what's supposed to be there rather than guess at what input might not be allowed.
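The screening rocknbil describes, as an added example that is not code from this thread or from any formmail script: the menu field is checked against an allow-list of the values that are supposed to be there, and any field that ends up in a mail header is rejected if it contains a line break. The field names (reason, email) and the allowed values are assumptions made up for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowed values for the pop-down menu (assumed names). Anything else,
# including the blank first option, is rejected.
my %allowed_reason = map { $_ => 1 } qw(sales support billing);

# Validate one form field. Returns undef when the value is acceptable,
# otherwise a message naming the problem.
sub check_field {
    my ($name, $value, $allowed) = @_;
    return "$name is a required field" if !defined $value || $value eq '';
    # A CR or LF in a value copied into a mail header lets the sender
    # append extra header lines (e.g. Bcc:), so refuse it outright.
    return "$name contains an illegal line break" if $value =~ /[\r\n]/;
    # Allow-list: accept only what is supposed to be there.
    return "$name has an unexpected value" if $allowed && !$allowed->{$value};
    return undef;
}

# Validate a whole submission; returns a list of error messages (empty = ok).
sub check_submission {
    my ($form) = @_;
    my @errors = grep { defined } (
        check_field('reason', $form->{reason}, \%allowed_reason),
        check_field('email',  $form->{email},  undef),
    );
    push @errors, 'email is not a plain address'
        if !@errors && $form->{email} !~ /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
    return @errors;
}

# Constructed sample submissions, not real traffic.
my @submissions = (
    { reason => 'support', email => 'user@example.com' },
    { reason => '',        email => 'user@example.com' },
    { reason => 'sales',   email => "a\@example.com\nBcc: b\@example.com" },
);

for my $form (@submissions) {
    my @errors = check_submission($form);
    # Escape line breaks before logging so the log itself stays one line per entry.
    (my $shown = $form->{email}) =~ s/[\r\n]/\\n/g;
    print @errors ? "REJECT ($shown): @errors\n" : "ACCEPT ($shown)\n";
}
```

Of the three constructed submissions only the first is accepted; the second fails the required-field check and the third is rejected for the embedded newline before any mail is built.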

perl_diver

7:28 pm on Sep 29, 2006 (gmt 0)

10+ Year Member



Amen rocknbil