任何人都可以帮我停止每次查看网页时发送空白电子邮件吗?
这是我正在使用的代码。
<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = "";
$name = $email = $gender = $comment = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["comment"])) {
$commentErr = "Comment is required";
} else {
$comment = test_input($_POST["comment"]);
if (!preg_match("/^[a-zA-Z ]*$/",$comment)) {
$commentErr = "Please leave a comment.";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
//create the body of the email
$body = "Name: {$_POST['name']}
\n\nEmail: {$_POST['email']}
\n\nComments: {$_POST['comment']}";
$body = wordwrap($body, 70);
// The mail function
mail('email@email.com', 'Contact Us Submission', $body, "From: {$_POST['email']}");
?>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" class="text" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br>
Email: <input type="text" name="email" class="text" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br>
Comment: <textarea name="comment" rows="3" cols="20"><?php echo $comment;?></textarea>
<span class="error">* <?php echo $commentErr;?></span><br>
<input type="submit" name="submit" value="Submit" class="submit">
<?php
//if everything is ok, print the message:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($name && $email && $comment) {
echo "<p>Thank you, <b>$name</b>, for contacting us.</p>
<p> We will email you back at <i>$email</i> in a couple days.</p>\n";
} else { //missing form value.
echo '<p class="error">Please go back and fill out the form again.</p>';
return false;
}
}
?>
</form>
答案 0 :(得分:3)
将所有表单逻辑放在if ($_SERVER["REQUEST_METHOD"] == "POST") {
语句中。不只是验证:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["comment"])) {
$commentErr = "Comment is required";
} else {
$comment = test_input($_POST["comment"]);
if (!preg_match("/^[a-zA-Z ]*$/",$comment)) {
$commentErr = "Please leave a comment.";
}
}
//create the body of the email
$body = "Name: {$_POST['name']}
\n\nEmail: {$_POST['email']}
\n\nComments: {$_POST['comment']}";
$body = wordwrap($body, 70);
// The mail function
mail('email@email.com', 'Contact Us Submission', $body, "From: {$_POST['email']}");
}
仅供参考,您对header injections持开放态度。在将此代码发布到生产环境之前,您应该解决这个问题。