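PHP - Send mail after some validation

Time: 2013-10-01 18:48:56

Tags: php

I'm new to PHP and not an expert by any means. Anyway, I'm building a PHP and HTML contact form, and I'm getting confused by the ways of validating field input (trim, strip, htmlspecchars ..). Anyway, here is my code; please go easy on me, I'm a noob.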

<?php
// define variables and set to empty values
$name = $email = $web = $telephone = $pages = $completion_date = $update_option = $hosting_option = $domain_option = $text = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = test_input($_POST["name"]);
    $email = test_input($_POST["email"]);
    $web = test_input($_POST["web"]);
    $telephone = test_input($_POST["telephone"]);
    $pages = test_input($_POST["pages"]);
    $completion_date = test_input($_POST["completion_date"]);
    $update_option = test_input($_POST["update_option"]);
    $hosting_option = test_input($_POST["hosting_option"]);
    $domain_option = test_input($_POST["domain_option"]);
    $text = test_input($_POST["text"]);
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$msg = $name . "\n";
$msg = $email . "\n";
$msg = $web . "\n";
$msg = $telephone . "\n";
$msg = $pages . "\n";
$msg = $completion_date . "\n";
$msg = $update_option . "\n";
$msg = $hosting_option . "\n";
$msg = $domain_option . "\n";
$msg = $text . "\n";

$recipient = "myemail@mydomain.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders = "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$mailheaders = "From: <myemail@mydomain.com>, Reply-To: <myemail@mydomain.com>" . "\r\n";
$mailheaders = "Cc: <$email>" . "\r\n";

mail($recipient, $subject, $msg, $mailheaders);
?>

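2 Answers:

Answer 0: (score: 1)

It looks fine up to the definition of $msg, which you keep overwriting.

After the first one, put a dot (.) in front of the equals sign (=):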
$msg = $name . "\n";
$msg .= $email . "\n";
$msg .= $web . "\n";
... etc

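Answer 1: (score: 0)

In this context, stripslashes and htmlspecialchars are unnecessary. After all, you are not outputting any HTML that contains the POSTed values.

The problem with the form validation is that I could write anything in, for example, the email field and it would still validate. You should validate every field case by case, for example with the email field: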

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    // The email is valid
    $email = $_POST['email'];
}

And so on. If you don't need them to be what they claim to be, you can omit it. Other than that it looks fine.
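
The case-by-case validation suggested in the second answer, extended to several of the question's fields, as an added example that is not part of the original question or answers. The function name validate_contact, the 1 to 500 page range, the plain-text content type and the sample submissions are assumptions made for illustration; the email check matters most because that value is placed in the Cc header.

```php
<?php
// Added example. Field names are the question's; the limits are assumptions.
function validate_contact(array $post): array
{
    $clean = [];
    $errors = [];
    // The address is placed in the Cc header, so accept only one valid address.
    $email = trim($post['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $clean['email'] = $email;

    // Optional field: validated as a URL only when something was entered.
    $web = trim($post['web'] ?? '');
    if ($web !== '' && filter_var($web, FILTER_VALIDATE_URL) === false) {
        $errors[] = 'web';
    }
    $clean['web'] = $web;

    // Whole number within an assumed range of 1 to 500.
    $pages = filter_var($post['pages'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 500]]);
    if ($pages === false) {
        $errors[] = 'pages';
    }
    $clean['pages'] = $pages;

    // Free text is only ever used in the message body.
    $clean['text'] = trim($post['text'] ?? '');

    return [$clean, $errors];
}
// Constructed sample submissions: one well-formed, one malformed.
$samples = [
    ['email' => 'ann@example.com', 'web' => 'https://example.com', 'pages' => '5', 'text' => 'Hello'],
    ['email' => "bob@example.com\r\nX-Test: 1", 'web' => 'not a url', 'pages' => 'many', 'text' => 'Hi'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        echo 'rejected, invalid fields: ' . implode(', ', $errors) . "\n";
        continue; // nothing from a rejected submission reaches mail()
    }
    // Plain-text body (assumption), so no HTML escaping is needed.
    $headers = "From: <myemail@mydomain.com>\r\n" . "Cc: <{$clean['email']}>\r\n"
        . "Content-Type: text/plain; charset=UTF-8";
    echo "would call mail() with:\n$headers\n\n" . implode("\n", $clean) . "\n";
}
```

The second sample is rejected on all three checked fields, and because FILTER_VALIDATE_EMAIL does not accept line breaks, a submitted value cannot add lines of its own to the mail headers.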