在我们的网站上有一个注册表单,用户可以在其中订阅我们的新闻通讯。该表单具有名字和姓氏字段,电子邮件地址字段,城市,州和国家/地区字段。当订户注册列表时,它们将被插入到数据库中。
有时我们会收到虚假或空白电子邮件“注册”,但没有信息插入我们的数据库,尽管事实上需要6个字段中的3个。我最近意识到只需在Dreamweaver中打开php文件就会提示用空白信息命中数据库。
始终出现的电子邮件地址是熟悉的电子邮件地址。我们使用Godaddy进行托管并托管两个站点,第二个站点是有问题的站点,而访问数据库的电子邮件地址来自第一个站点。
有没有办法阻止这些虚假电子邮件?
这是我的php代码:
<?php
define('DB_NAME', '');
define('DB_USER', '');
define('DB_PASSWORD', '');
define('DB_HOST', '');
$first = Trim(stripslashes($_POST['First']));
$last = Trim(stripslashes($_POST['Last']));
$city = Trim(stripslashes($_POST['City']));
$state = Trim(stripslashes($_POST['State']));
$country = Trim(stripslashes($_POST['Country']));
$email = Trim(stripslashes($_POST['Email']));
$tempt = $_POST['tempt'];
$tempt2 = $_POST['tempt2'];
if ($tempt == 'http://' && empty($tempt2)) {
$error_message = '';
$reg_exp = "/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$/";
if(!preg_match($reg_exp, $email)) {
$error_message .= "<p>A valid email address is required.</p>";
}
if (empty($first)) {
$error_message .= "<p>Please provide your first name.</p>";
}
if (empty($last)) {
$error_message .= "<p>Please provide your last name.</p>";
}
if (!empty($error_message)) {
$return['error'] = true;
$return['msg'] = "<p>The request was successful, but the form was not filled out correctly.</p>".$error_message;
echo json_encode($return);
exit();
} else {
$return['error'] = false;
$return['msg'] = "<p style='top:9px; color:#ff6000; left:63px; text-align:left; font-size:1.50em;'>".$first .", <p style='top:0px; width:100%; left:63px; text-align:left; line-height:1.1em;'>your subscription request has been processed.</p>";
echo json_encode($return);
}
} else {
$return['error'] = true;
$return['msg'] = "<p>There was a problem while sending this form. Try it again.</p>";
echo json_encode($return);
}
$to = "3elementsreview@gmail.com, marlonfowler@yahoo.com";
$subject = "New Email Address for Mailing List";
$headers = "From: $email\n";
$headers .= "Content-type: text/html\r\n";
$message = "<span style='color:#252525; font-size:1.2em;'>A visitor to 3Elements Review has entered the following information so they can be added to your mailing list.</span><br>\n
<br>
<span style='color:#252525; font-weight:bold; font-size:1.35em;'>$first $last</span><br>
<span style='color:#252525; font-weight:bold; font-size:1.35em;'>$city, $state</span><br>
<span style='color:#252525; font-weight:bold; font-size:1.35em;'>$country</span><br>
<span style='color:#252525; font-weight:bold; font-size:1.35em;'>$email</span>";
mail($to,$subject,$message,$headers);
mail($user,$usersubject,$usermessage,$userheaders);
$link = mysql_connect('xxxx.somedomain.com', 'myusername', 'mypassword');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db('mefowler', $link);
if (!$db_selected) {
die('Can\'t use ' . 'mefowler' . ': ' . mysql_error());
}
$value = mysql_real_escape_string($_POST['First']);
$value2 = mysql_real_escape_string($_POST['Last']);
$value3 = mysql_real_escape_string($_POST['City']);
$value4 = mysql_real_escape_string($_POST['State']);
$value5 = mysql_real_escape_string($_POST['Country']);
$value6 = mysql_real_escape_string($_POST['Email']);
$sql = "INSERT INTO members (First, Last, City, State, Country, Email, Date) VALUES('$value','$value2','$value3','$value4','$value5','$value6',NOW() + interval 2 hour)";
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
mysql_close();
?>
HTML -------->
<form class="contact-me" action="php-signup/sign-up-complete.php" method="post" name="contact-me">
<div id="response2"><!-----------------CONTAINS FORM ERROR MESSAGE--------------></div>
<input name="First" pattern="[A-Za-z]{2,15}" title="Your First Name is Required" id="first" autofocus placeholder="First Name" type="text" maxlength="15"></input><br>
<input name="Last" pattern="[A-Za-z]{2,15}" title="Your Last Name is Required" id="last" placeholder="Last Name" type="text" maxlength="15"></input><br>
<input name="Email" pattern="[A-Za-z0-9\@\.com]{7,50}" title="Your E-Mail Address is Required" id="email" placeholder="E-Mail Address" type="email" maxlength="50"></input><br>
<input name="City" pattern="[A-Za-z\s]{3,40}" id="city" title="Please fill in your 'City'" placeholder="City" type="text" maxlength="40"></input><br>
答案 0 :(得分:1)
如果页面未发布到该页面,则停止运行脚本。
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//put code here}
else {}