The form submission when through normal channels is already checked (client side) to see if various field values at least exist.... this spammer is submitting blank values or even explicit null, I changed the database so it wont accept the nulll but any field with a required could on the server side of the post at least check to see if the field is requires and use php !empty() to reject the submissions.
When I make a pure php form I mark them required with HTML5 methods but I also test the values after submission for instance in php !empty() can test if something is required, if something is an email I can format check, if something is a url I can test that too. And reject if not appropriate
