我有这个HTML和PHP联系表格:
<?php
$valid = true;
$errors = array();
$contact = array(
'name' => null,
'email' => null,
'message' => null
);
// Check if the form has been posted
if (isset($_POST['name'], $_POST['email'], $_POST['message'])) {
$contact = filter_input_array(INPUT_POST, array(
'name' => FILTER_SANITIZE_STRING,
'email' => FILTER_SANITIZE_STRING,
'message' => FILTER_SANITIZE_STRING,
), true);
if (empty($_POST['name'])) {
$valid = false;
$errors['name'] = "You must enter your name.";
}
if (empty($_POST['email'])) {
$valid = false;
$errors['email'] = "You must enter your email address.";
} elseif (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
$valid = false;
$errors['email'] = "You must enter a valid email address.";
}
if (empty($_POST['message'])) {
$valid = false;
$errors['message'] = "You must enter a message and/or subject.";
}
if ($valid) {
// The email address the email will be sent to
$to = "email@outlook.com";
// The email subject
$subject = $_POST['subject'];
// Set the from and reply-to address for the email
$headers = "From: ".$_POST['email'];
"X-Mailer: PHP/" . phpversion();
// Build the body of the email
$mailbody = "The contact form has been filled out.\n\n"
. "Name: " . $_POST['name'] . "\n"
. "Email: " . $_POST['email'] . "\n"
. "Message:\n" . $_POST['message'] . "\n"
. "IP: " . $_POST['userIP'];
// Send the email
mail($to, $subject, $mailbody, $headers);
// Go to the thank you page
header("location: contact.php");
exit;
}
}
?>
<div id="contactform">
<input type="text" class="field_a" name="name" value="<?php echo htmlspecialchars($contact['name']);?>" placeholder="Enter your name here">
<br>
<br>
<input class="field_a" name="email" type="email" value="<?php echo htmlspecialchars($contact['email']);?>" placeholder="And your email is?">
<br>
<br>
<input class="field_a" name="subject" type="text" value="<?php echo htmlspecialchars($contact['subject']);?>" placeholder="We need to know what your message is about">
<br>
<br>
<textarea class="field_b" name="message" rows="10" cols="25" placeholder="Finally, the message.."><?php echo htmlspecialchars($contact['message']);?></textarea>
<br>
<br>
<input class="field_c" style="width:830px;" name="send_mail" type="submit" value="Ready to send your message to All Things Roblox? Click me!">
<input type="hidden" name="userIP" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">
</div>
</form>
我使用代码<input type="hidden" name="userIP" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">
来获取用户的IP地址,但是他们可以通过对这段代码使用inspect元素来轻松防止这种情况。
如何阻止<input type="hidden" name="userIP" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">
显示?
再次感谢!
答案 0 :(得分:2)
永远不要通过客户端传递这些有价值的信息。而是在服务器端本身。在服务器端,您可以将有价值的数据发布到其他页面并在那里接收。
在这种情况下,您可以使用服务器端(PHP)本身的<?php echo $_SERVER['REMOTE_ADDR']; ?>
直接获取IP地址。无需通过HTML传递它。
<强>更新强>
在您的PHP代码中,而不是
$mailbody = "The contact form has been filled out.\n\n"
. "Name: " . $_POST['name'] . "\n"
. "Email: " . $_POST['email'] . "\n"
. "Message:\n" . $_POST['message'] . "\n"
. "IP: " . $_POST['userIP'];
像这样,你可以直接调用
$mailbody = "The contact form has been filled out.\n\n"
. "Name: " . $_POST['name'] . "\n"
. "Email: " . $_POST['email'] . "\n"
. "Message:\n" . $_POST['message'] . "\n"
. "IP: " . $_SERVER['REMOTE_ADDR'];
因此您可以消除对隐藏字段的需求。