我的页面上有一个联系表单,现在大部分工作正常,但是我创建了一些验证,如果用户以某种方式绕过文本输入的常规HTML maxlength参数,它会对字符串长度进行后端检查。< / p>
以下是我的两个问题:
1)如果我在一个字段中输入数字,那么我会自动收到一条消息,说我已超过最大限制,显然不应该执行。
2)第二个问题是,当我收到该消息(收到错误)时,它应该至少停止发送邮件,因为存在问题,但它仍然发送电子邮件!!
随意去尝试并亲眼看看:
http://eclipse-developers.com/v2/eclipse-developers.com/#contactUs
以下是我的联系表单的PHP脚本:
// here we put in an if statement to check against missing variables (empty values)
if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['subject']) && isset($_POST['message'])){
$name=$_POST['name'];
$organisation=$_POST['organisation'];
$reference=$_POST['reference'];
$email=$_POST['email'];
$subject=$_POST['subject'];
$message=$_POST['message'];
// here we are checking to see if that value anything and not just black.
if (!empty($name) && !empty($email) && !empty($subject) && !empty($message) ){
// this is doing a check for max length, its doing it in php just in case the user
// cheats and bypasses the html check.
if (strlen($name>31) || strlen($lname>31) || strlen($organisation>31) || strlen($email>51) || strlen($subject>31) || strlen($reference>31) || strlen($message>2001)){
echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
}
$to='skyrocketing132@yahoo.com';
$emailsubject=$subject;
$body=$name."\nCompany Name: ".$organisation."\nRef: ".$reference."\nMessage: ".$message;
$headers= 'From: '.$email;
// mails, if statement so if its true (mail did send)
if (mail($to,$emailsubject,$body,$headers)){
echo'Thanks for contacting us.';
}else{
echo'Sorry, an error occurred. Try again later.';
}
}
} else{
}
答案 0 :(得分:2)
你的条件有误,你有:
strlen($name > 31)
首先检查$name的值是否大于31,返回布尔值true或false。然后将其强制转换为字符串并检查其长度,该长度始终高于0,因此为真。它应该是:
strlen($name) > 31
为防止发送电子邮件,您必须在这些条件成立后中止。您的代码将变为:
if (strlen($name) > 31 || strlen($lname) > 31 || strlen($organisation) >31 || strlen($email)>51 || strlen($subject)>31 || strlen($reference)>31 || strlen($message)>2001){
echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
} else {
$to='skyrocketing132@yahoo.com';
$emailsubject=$subject;
$body=$name."\nCompany Name: ".$organisation."\nRef: ".$reference."\nMessage: ".$message;
$headers= 'From: '.$email;
// mails, if statement so if its true (mail did send)
if (mail($to,$emailsubject,$body,$headers)){
echo'Thanks for contacting us.';
}else{
echo'Sorry, an error occurred. Try again later.';
}
}
答案 1 :(得分:0)
1)如果我在一个字段中输入数字,那么我会自动收到一条消息,说我已超过最大限制,显然不应该执行。
你的条件错了。
strlen($name>31)
更改为
strlen($name)>31
2)第二个问题是,当我收到该消息(收到错误)时,至少应该停止发送邮件,因为存在问题,但它仍会发送电子邮件! !
在失败后添加exit; / die;,或添加if/else逻辑。
if (strlen($name)>31 || strlen($lname)>31 || strlen($organisation)>31 || strlen($email)>51 || strlen($subject)>31 || strlen($reference)>31 || strlen($message)>2001){
echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
exit;
}
if (strlen($name)>31 || strlen($lname)>31 || strlen($organisation)>31 || strlen($email)>51 || strlen($subject)>31 || strlen($reference)>31 || strlen($message)>2001){
echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
} else {
//Attempt email send
}