这里有很多空白的php电子邮件帖子,但没有一个能为我解决这个问题。
我调整了这个简单的php代码,我发现只需通过电子邮件发送指定的电子邮件地址(在本例中为我的客户的电子邮件),并在客户的网站上发送反馈消息。通过测试,当我没有将初始if语句作为验证时,我只能发送电子邮件,但即使这样,电子邮件也没有主题或正文。
contact.html
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
<div class="form-group">
<label for="inputName" class="col-sm-3 control-label">Name</label>
<div class="col-sm-9">
<input type="text" class="form-control" name="inputName" placeholder="Name"><br />
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-sm-3 control-label">Email</label>
<div class="col-sm-9">
<input type="email" class="form-control" name="inputEmail" placeholder="Email"><br />
</div>
</div>
<div class="form-group">
<label for="inputMessage" class="col-sm-3 control-label">Message</label>
<div class="col-sm-9">
<textarea type="text" class="form-control" name="inputMessage" placeholder="Message"></textarea><br />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input class="btn btn-default" type="submit" value="Submit">
</div>
</div>
</form>
send_form_email.php
<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
// Contact subject
$name =$_POST['inputName'];
// Details
$message=$_POST['inputMessage'];
// Mail of sender
$mail_from=$_POST['inputEmail'];
// From
$header="from: $name <$mail_from>";
// Enter your email address
$to ='test@gmail.com';
$send_contact=mail($to,$name,$message,$header);
// Check, if message sent to your email
// display message "We've recived your information"
header("Location: http://wetzelscontracting.com/postcontact.html");
if($send_contact){
echo "We've recived your contact information";
}
else {
echo "ERROR";
}}
?>
好的,长篇小说,但是Mailto实际上并不在行动中,我将其从帖子中移除。
实际上,我不知道我最初发布了什么样的frankenstein代码,但这些代码已经不再存在了。希望这次我发布了正确的代码。
答案 0 :(得分:2)
为什么您的表单操作MAILTO:?
<form name="feedback" class="form-horizontal" role="form" action="MAILTO:send_form_email.php" method="post">
这应该只是对PHP页面的干净调用:
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
在构建MAILTO:时,唯一一次使用<a href="mailto:someguy@someplace.somedomain">。对于像这样使用PHP的HTML表单,目标是提交表单,然后由PHP解析$_POST数据,然后PHP会对其发送电子邮件。
此外,您未在任何name字段中设置input值&amp;您拥有的id值的名称甚至不匹配PHP尝试执行的操作。所以请尝试HTML:
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
<div class="form-group">
<label for="inputName" class="col-sm-3 control-label">Name</label>
<div class="col-sm-9">
<input type="text" class="form-control" id="inputName" placeholder="Name" name="inputName"><br />
</div></div>
<div class="form-group">
<label for="inputEmail" class="col-sm-3 control-label">Email</label>
<div class="col-sm-9">
<input name="email" type="email" class="form-control" id="inputEmail" placeholder="Email" name="inputEmail"><br />
</div></div>
<div class="form-group">
<label for="inputMessage" class="col-sm-3 control-label">Message</label>
<div class="col-sm-9">
<textarea type="text" class="form-control" id="inputMessage" placeholder="Message" name="inputMessage"></textarea><br />
</div></div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input class="btn btn-default" type="submit" value="Submit">
</div></div>
</form>
此处还有重新编写的PHP代码。
我做的第一件事就是将所有$_POST项检查放入使用一个主数组($post_array)的结构中,然后滚动该数组以处理值&amp;将它们分配给类似命名的变量。你以前绝对没有输入验证。这在技术上甚至不是很好的“验证”,因为isset()只检查$_POST值是否存在。但这是一步。
此外,我在最后重写了您的错误检查逻辑,因为这一切都发生在标头发送之后。这意味着整个"We've recived your information"永远不会起作用。这是我能用你提供的信息做的最好的,但我这样做是为了传达基本概念:
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST"){
// Set the post values array.
$post_array = array('inputName','inputEmail','inputMessage');
// Roll through the post values array.
foreach($post_array as $post_key => $post_value) {
$$post_key = isset($_POST[$post_key] ? $_POST[$post_key] : null;
}
// From
$header="from: $name <$mail_from>";
// Enter your email address
$to ='test@gmail.com';
$send_contact=mail($to,$name,$message,$header);
// Check, if message sent to your email
// display message "We've recived your information"
if($send_contact){
header("Location: http://wetzelscontracting.com/postcontact.html");
}
else {
echo "ERROR";
}
}
?>
答案 1 :(得分:1)
由于除了接受的验证之外没有其他答案涵盖验证问题,但如果您要这样做,您也可以使用extract()函数,(它也不会保护标题注入或电子邮件验证)。
验证用户输入和一层简单的CSRF保护是非常重要的,否则机器人或垃圾邮件发送者可以直接发送到您的PHP,它会向您发送电子邮件的轰炸,您将看不到树林(合法的)电子邮件),或者更糟糕的是将标题注入您的inputEmail字段并使用您的服务器发送自己的电子邮件,这显然是您不希望发生的事情。
此外,我添加了一种简单的方法,您可以从PHP脚本中传递错误,将用户发送回表单以供您回显。
对于 send_form_email.php 文件。
<?php
session_start();
if($_SERVER['REQUEST_METHOD'] == "POST" && isset($_SESSION['csrf'])){
//set error array to fill
$errors = array();
// Validate Contact subject
if(!empty($_POST['inputName'])){
$name = $_POST['inputName'];
}else{
$error['inputName'] = 'Required!';
}
// Validate Details
if(!empty($_POST['inputMessage'])){
$message = $_POST['inputMessage'];
}else{
$error['inputMessage'] = 'Required!';
}
// Validate Mail of sender
if(!empty($_POST['inputEmail'])){
if(filter_var($_POST['inputEmail'], FILTER_VALIDATE_EMAIL)){
$mail_from = $_POST['inputEmail'];
}else{
$error['inputEmail'] = 'Invalid Email!';
}
}else{
$error['inputEmail'] = 'Required!';
}
if(!isset($_POST['csrf']) || $_SESSION['csrf'] != $_POST['csrf']){
$_SESSION['email_status'] = 'Invalid csrf token!';
$error = true;
}
//stop multiple attempts - just remove csrf token
unset($_SESSION['csrf']);
//no errors send mail
if(empty($error)){
$headers ='MIME-Version: 1.0'."\r\n";
$headers.='Content-type: text/html; charset=utf8'."\r\n";
$headers.='From:<'.$mail_from.'>'."\r\n";
$headers.="X-Mailer: PHP"."\r\n";
if(mail('test@gmail.com', 'Website email form: '.$name, $message, $headers)){
$_SESSION['email_status'] = "We've received your contact information";
//send to success page
exit(header("Location: http://wetzelscontracting.com/postcontact.html"));
}else {
$_SESSION['email_status'] = 'There was an error sending the mail';
//backup to file
file_put_contents('mail.log.txt',print_r($_POST, true).PHP_EOL, FILE_APPEND);
}
}else{
//assuming its this url
exit(header("Location: http://wetzelscontracting.com/contact.php"));
$_SESSION['email_error'] = $error;
}
}else{
//stop multiple attempts
unset($_SESSION['csrf']);
//dont allow GET request/direct access
exit(header("Location: http://wetzelscontracting.com/contact.php"));
}
?>
然后在包含表单的页面中,启动会话以从$_SESSION数组中读取,然后如果有的话回显您的错误。
<?php
session_start();
//make a session key that we will check against in send_form_email.php
$_SESSION['csrf'] = sha1(uniqid(true));
?>
<?php echo isset($_SESSION['email_status']) ? $_SESSION['email_status'] : null ?>
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
<input type="hidden" name="csrf" value="<?php echo $_SESSION['csrf'];?>"/>
<div class="form-group">
<label for="inputName" class="col-sm-3 control-label">Name <?php echo isset($_SESSION['email_error']['inputName']) ? $_SESSION['email_error']['inputName'] : null?></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="inputName" placeholder="Name" name="inputName"><br />
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-sm-3 control-label">Email <?php echo isset($_SESSION['email_error']['inputEmail']) ? $_SESSION['email_error']['inputEmail'] : null?></label>
<div class="col-sm-9">
<input type="email" class="form-control" id="inputEmail" placeholder="Email" name="inputEmail"><br />
</div>
</div>
<div class="form-group">
<label for="inputMessage" class="col-sm-3 control-label">Message <?php echo isset($_SESSION['email_error']['inputMessage']) ? $_SESSION['email_error']['inputMessage'] : null?></label>
<div class="col-sm-9">
<textarea type="text" class="form-control" id="inputMessage" placeholder="Message" name="inputMessage"></textarea><br />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input class="btn btn-default" type="submit" value="Submit">
</div>
</div>
</form>
<?php
//unset the errors so there only shown once
unset($_SESSION['email_status']);
unset($_SESSION['email_error']); ?>