PHP联系表单在查看页面时发送空白电子邮件

时间:2014-07-22 15:02:50

标签: php forms contact

任何人都可以帮我停止每次查看网页时发送空白电子邮件吗?

这是我正在使用的代码。

<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr  = "";
$name = $email = $gender = $comment =  "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["name"])) {
     $nameErr = "Name is required";
   } else {
     $name = test_input($_POST["name"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
       $nameErr = "Only letters and white space allowed"; 
     }
   }

   if (empty($_POST["email"])) {
     $emailErr = "Email is required";
   } else {
     $email = test_input($_POST["email"]);
     // check if e-mail address syntax is valid
     if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
       $emailErr = "Invalid email format";
     }
   }

   if (empty($_POST["comment"])) {
     $commentErr = "Comment is required";
   } else {
     $comment = test_input($_POST["comment"]);
     if (!preg_match("/^[a-zA-Z ]*$/",$comment)) {
       $commentErr = "Please leave a comment.";      
     }
   }
}

function test_input($data) {
   $data = trim($data);
   $data = stripslashes($data);
   $data = htmlspecialchars($data);
   return $data;
}


//create the body of the email
$body = "Name: {$_POST['name']}
\n\nEmail: {$_POST['email']}
\n\nComments: {$_POST['comment']}";
$body = wordwrap($body, 70);

// The mail function
mail('email@email.com', 'Contact Us Submission', $body, "From: {$_POST['email']}");


?>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
   Name: <input type="text" name="name" class="text" value="<?php echo $name;?>">
   <span class="error">* <?php echo $nameErr;?></span>
   <br>
   Email: <input type="text" name="email" class="text" value="<?php echo $email;?>">
   <span class="error">* <?php echo $emailErr;?></span>
   <br>
   Comment: <textarea name="comment" rows="3" cols="20"><?php echo $comment;?></textarea>
   <span class="error">* <?php echo $commentErr;?></span><br>   
   <input type="submit" name="submit" value="Submit" class="submit"> 
<?php
//if everything is ok, print the message:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($name && $email && $comment) {
    echo "<p>Thank you, <b>$name</b>, for contacting us.</p>
    <p> We will email you back at <i>$email</i> in a couple days.</p>\n";
} else { //missing form value.
    echo '<p class="error">Please go back and fill out the form again.</p>';
    return false;
}
}

?>
</form>

1 个答案:

答案 0 :(得分:3)

将所有表单逻辑放在if ($_SERVER["REQUEST_METHOD"] == "POST") {语句中。不只是验证:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["name"])) {
     $nameErr = "Name is required";
   } else {
     $name = test_input($_POST["name"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
       $nameErr = "Only letters and white space allowed"; 
     }
   }

   if (empty($_POST["email"])) {
     $emailErr = "Email is required";
   } else {
     $email = test_input($_POST["email"]);
     // check if e-mail address syntax is valid
     if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
       $emailErr = "Invalid email format";
     }
   }

   if (empty($_POST["comment"])) {
     $commentErr = "Comment is required";
   } else {
     $comment = test_input($_POST["comment"]);
     if (!preg_match("/^[a-zA-Z ]*$/",$comment)) {
       $commentErr = "Please leave a comment.";      
     }
   }


    //create the body of the email
    $body = "Name: {$_POST['name']}
    \n\nEmail: {$_POST['email']}
    \n\nComments: {$_POST['comment']}";
    $body = wordwrap($body, 70);

    // The mail function
    mail('email@email.com', 'Contact Us Submission', $body, "From: {$_POST['email']}");
}

仅供参考,您对header injections持开放态度。在将此代码发布到生产环境之前,您应该解决这个问题。