我有一个关于服务器端表单验证的快速问题,因为我对php很新。我有一个html POST表单,直到最近我才进行客户端验证,当然,这导致它被利用,我收到了空字段的邮件。我已经阅读了一些关于它的文章,并想出了一个非常基本的东西:
<?php
header('Content-type: text/html; charset=utf-8');
//print_r($_POST);
//exit();
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
die('No post.');
}
function utf8mail($to,$s,$body,$from_name="x",$from_a = "info@x.com", $reply="info@x.com")
{
$s= "=?utf-8?b?".base64_encode($s)."?=";
$headers = "MIME-Version: 1.0\r\n";
$headers.= "From: =?utf-8?b?".base64_encode($from_name)."?= <".$from_a.">\r\n";
$headers.= "Content-Type: text/plain;charset=utf-8\r\n";
$headers.= "Reply-To: $reply\r\n";
$headers.= "X-Mailer: PHP/" . phpversion();
mail($to, $s, $body, $headers);
}
$name = $_POST['name'];
$email = $_POST['email'];
$tel = $_POST['tel'];
$car_class = $_POST['car_class'];
$car_model = $_POST['car_model'];
$pickup_place = $_POST['pickup_place'];
$return_place = $_POST['return_place'];
$pickup_date = $_POST['pickup_date'];
$return_date = $_POST['return_date'];
$notes = $_POST['notes'];
$formcontent="From: $name \n E-Mail: $email \n Phone: $tel \n Car Class: $car_class \n Car Model: $car_model \n Pick Up Place: $pickup_place \n Return Place: $return_place \n Pick Up Date: $pickup_date \n Return Date: $return_date \n Notes: $notes";
$recipient = "x@x.com";
$subject = "$name Rent-A-Car";
$mailheader = "From: $email \r\n";
if (empty($name) or empty($tel) or empty($car_class) or empty($pickup_place) or empty($return_place) or empty($pickup_date) or empty($return_date)){
echo "You must fill in all required fields!";
}
else {
utf8mail($recipient, $subject, $formcontent, $name, $email);
}
if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+ (.[a-z0-9-]+)*(.[a-z]{2,4})$", $email)) {
die('Your email address does not follow the basic format. Sorry, please try again!');
}
header("Location: thankyou.html");
?>
因此,根据我收集的内容,这应该拒绝GET请求,检查必填字段是否为空,如果填写了电子邮件,则检查它是否有效。我只想询问代码是否有效以及是否存在任何可能的问题。