Question

短话短说：我检查了许多具有类似情况的叠加流文章，仅发现了这一篇 1）https://openjfx.io/openjfx-docs/#install-javafx 2）Detecting a url using preg_match? without http:// in the string

但没有回答我的问题

preg_match to only allow https:// in an URL

因此，我正在php文件中执行preg_match，以阻止人们放置Bot和Troll中的URL。但是，当我用此代码对其进行测试时，它不起作用:(。因此，如果他们用任何URL前缀提交消息，则不会发送该消息。但它不起作用

if(preg_match('/(https|ftp|http):/i',$comments))
        {
        // prevent form from saving code goes here
        echo "<script>alert('Please Correct your message');</script>";
        // echo "<script>window.open('contactus.php','_self');</script>";
        }

但是由于某种原因，它绕过了preg_match，即使脚本弹出也仍然发送。我做错了什么吗，是因为我的同事在其他站点上使用了此代码，并且可以正常工作。谢谢

PS：如果您需要更多上下文，请在此处输入整个代码

<?php
session_start();
    /*if ($_SESSION['company'] != "RapidPay") {
        //redirect to the logout pag
        $redirect = 'index.php';
        include  './includes/redirect.php';
     } 
    if(!$_SESSION['userid']) {
        header("Location:login.php");
    }*/
/*  if(!$_SESSION['userid']){
        header("location:login.php");
}*/
    $userid = $_SESSION['userid'];
    $username = $_SESSION['username'];
    $useremail = $_SESSION['uemail'];
    $uphone = $_SESSION['uphone'];
    $usecurity = $_SESSION['usecurity'];

    include './includes/dblogin.php';
$currentPage = 'contactus';
?>
<!DOCTYPE html>

<?php
    $dontsend=0;
    $mailstatus="";
    if(isset($_POST["submit"])){
        //catch spambots
        $honeypot = FALSE;

        if (!empty($_REQUEST['honeypot']) && (bool) $_REQUEST['honeypot'] == TRUE){

            $honeypot = TRUE;
            $dontsend=1;
            # treat as spambot

        }


        $username=$_POST["uname"];

        $phoneno=$_POST["phno"];

        $email=$_POST["email"];

        $comments= $_POST["message"];

        if(preg_match('/(https|ftp|http):/i',$comments))
            {
            // prevent form from saving code goes here
            echo "<script>alert('Please Correct your message');</script>";
            // echo "<script>window.open('contactus.php','_self');</script>";

            }


        if (preg_match('/[А-Яа-яЁё]/u', $comments) || strpos($comments, 'erect') !== false){

            $ipaddress = $_SERVER["REMOTE_ADDR"];
            $subject = 'russian spammer ip /erectile spammer ip - RPSBS';
            $message = $comments . " " . $ipaddress;
            $from = $eemail;
            $headers = "From:".$from;
            $to= 'EMAIL';
            # mail($to, $subject, $message, $headers);
            $dontsend=1; 
}



   if ($dontsend!=1){

            $ipaddress = $_SERVER["REMOTE_ADDR"];

            $message="";

            $message.="<table>";

            $message.="<tr height='40'><td colspan='2' style='vertical-align:top'>Details of the Person</td></tr>"; 

            $message.="<tr height='40' ><td style='vertical-align:top; width:120px'><b>Name:</b></td><td style='vertical-align:top'>".$username."</td></tr>";

            $message.="<tr height='40' ><td style='vertical-align:top'><b>Mobile Number:</b></td><td style='vertical-align:top'>".$phoneno."</td></tr>";        

            $message.="<tr height='40' ><td style='vertical-align:top'><b>Email ID:</b></td><td style='vertical-align:top'>".$email."</td></tr>";           

            $message.="<tr height='40' ><td style='vertical-align:top'><b>Message:</b></td><td style='vertical-align:top; text-align:justify'>".$_POST["message"]. "<br>this message is from ip address " . $ipaddress ."</td></tr>";

            $message.="</table>";



            $to="EMAIL";


            $sub="RapidPay - Contact US Form Submission From ".$username;

            $headers="";
            $headers .= "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";

            $headers .="From: ".$email."\r\n";

            mail($to, $sub, $message, $headers);

            $mailstatus="Your mail has been sent";

            //phpinfo();



       }






    }

?>

preg_match：解决了在注释框中阻止https：// URL链接的问题

0 个答案: