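I am creating a website with a template from templateforest. I have an HTML contact form integrated at the bottom of the site, and it is linked to a PHP file that handles the submission.
Here is the code for the HTML part: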
This is the code from the sendmail.php file:
<!--contact section start-->
<div class="section section-contact" id="contact">
<div class="container">
<div class="row">
<div class="col-md-12">
<!--tittle start-->
<div class="tittle">
<h1>
<a name="contactar"><span>10</span></a>
Contactar</h1>
<h2>
<span> Si deseas ponerte en contacto conmigo por favor, rellena el siguiente formulario o si lo prefieres utiliza los datos de contacto facilitados al pie de esta página.</span>
</h2>
</div>
<!--tittle end-->
<div class="contact-row">
<form role="form" class="form-horizontal">
<div class="row form-group">
<div class="col-sm-4 col-xs-12">
<input type="text" name="name" placeholder="Name" class="form-control">
</div>
<div class="col-sm-4 col-xs-12">
<input type="text" name="email" placeholder="Email" class="form-control">
</div>
<div class="col-sm-4 col-xs-12">
<input type="text" name="subject" placeholder="Subject" class="form-control">
</div>
</div>
<div class="row form-group">
<div class="col-xs-12">
<textarea name="comments" placeholder="Comments" class="form-control" rows="10" cols="30" id="msg"></textarea>
</div>
</div>
<div class="row form-group text-center">
<div class="col-xs-12">
<button type="submit" id="submit" class="view-btn">Contactar con Patricia</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<!--contact section end-->
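Obviously I have replaced "info@example.com" with a valid email address... but it didn't work.
I have been looking for similar code, but I'm not good at PHP, so I couldn't find a solution.
When I press the "Submit" button on the website, it just reloads the whole page... and that's all... no error message, but no email sent either.
The server's PHP version is 5.4.
Edit, May 13, 2015:
This is the code of the PHP file after the changes I made: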
<?php
// Note: filter_var() requires PHP >= 5.2.0
if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['subject']) && isset($_POST['comments']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) ) {
// detect & prevent header injections
$mailTest = "/(content-type|bcc:|cc:|to:)/i";
foreach ( $_POST as $key => $val ) {
if ( preg_match( $mailTest, $val ) ) {
exit;
}
}
$headers = 'From: ' . $_POST["name"] . '<' . $_POST["email"] . '>' . "\r\n" .
'Reply-To: ' . $_POST["email"] . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail( "info@example.com", $_POST['subject'], $_POST['comments'], $headers );
// Replace with your email
}
?>
Edit 2:
Now the HTML code looks like this:
<?php
//this is to activate error messages
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Note: filter_var() requires PHP >= 5.2.0
if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['subject']) && isset($_POST['comments']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) ) {
// detect & prevent header injections
$mailTest = "/(content-type|bcc:|cc:|to:)/i";
foreach ( $_POST as $key => $val ) {
if ( preg_match( $mailTest, $val ) ) {
exit;
}
}
$headers = 'From: ' . $_POST["name"] . '<' . $_POST["email"] . '>' . "\r\n" .
'Reply-To: ' . $_POST["email"] . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail( "info@example.com", $subject, $comment, $headers )){
echo "Mail sent, it's out of your hands now and it did its job.";
}
else{
echo "There was an error, check your logs.";
}
// Replace with your email
}
?>
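Answer 0 (score: 0)
Seeing the code you posted, I am submitting the following and deleting my comments.
You are using POST arrays, so make your form use the POST method.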
<form method="post" role="form" class="form-horizontal">
^^^^^^^^^^^^^
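Unless you have some JS/Ajax that you're not showing us which has a $.post
or POST method in there, which you would need to post after the fact.
"No error message, but no email sent either."
That's because you're not checking for them.
Add error reporting to the top of your file(s), which will help find errors.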
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, never in production.
Footnotes:
You shouldn't be passing POST arrays like this:
mail( "info@example.com", $_POST['subject'], $_POST['comments'], $headers );
You're leaving yourself open to XSS injection.
You should use pre-assigned variables.
$subject = $_POST['subject'];
$comment = $_POST['comments'];
...
mail( "info@example.com", $subject, $comment, $headers );
or
if(mail( "info@example.com", $subject, $comment, $headers )){
echo "Mail sent, it's out of your hands now and it did its job.";
}
else{
echo "There was an error, check your logs.";
}
Article on XSS injection:
Edit:
<?php
//this is to activate error messages
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Note: filter_var() requires PHP >= 5.2.0
if ( isset($_POST['name']) && isset($_POST['email']) && isset($_POST['subject']) && isset($_POST['comments']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) ) {
// detect & prevent header injections
$mailTest = "/(content-type|bcc:|cc:|to:)/i";
foreach ( $_POST as $key => $val ) {
if ( preg_match( $mailTest, $val ) ) {
exit;
}
}
$subject = $_POST['subject'];
$comment = $_POST['comments'];
$headers = 'From: ' . $_POST["name"] . '<' . $_POST["email"] . '>' . "\r\n" .
'Reply-To: ' . $_POST["email"] . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail( "info@example.com", $subject, $comment, $headers )){
echo "Mail sent, it's out of your hands now and it did its job.";
}
else{
echo "There was an error, check your logs.";
}
// Replace with your email
}
?>
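As an added example (not part of the original question or answer), here is a hardened version of the handler above: instead of the keyword blacklist it rejects non-string input and any CR or LF in single-line fields, and it keeps the visitor's input out of the From header. `build_contact_mail()` is a hypothetical helper name and both example.com addresses are placeholders.

```php
<?php
// Added example. build_contact_mail() is a hypothetical helper; both
// example.com addresses are placeholders (assumptions, not from the page).
function build_contact_mail(array $post)
{
    foreach (array('name', 'email', 'subject', 'comments') as $f) {
        // Reject missing, empty or non-string input (e.g. name[]=x, which
        // would make preg_match() warn instead of matching).
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            return null;
        }
    }
    // Single-line fields: reject CR/LF so none of them can start a new header line.
    foreach (array('name', 'email', 'subject') as $f) {
        if (preg_match('/[\r\n]/', $post[$f])) {
            return null;
        }
    }
    $email = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Fixed From on the site's own domain; the visitor's address is used
    // only in Reply-To, after validation.
    $headers = "From: Contact form <noreply@example.com>\r\n"
             . "Reply-To: " . $email . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    // The visitor's name goes into the body, never into a header.
    $body = "Name: " . $post['name'] . "\r\nEmail: " . $email
          . "\r\n\r\n" . $post['comments'];
    return array('info@example.com', $post['subject'], $body, $headers);
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $mail = build_contact_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        echo 'Invalid input.';
    } elseif (mail($mail[0], $mail[1], $mail[2], $mail[3])) {
        echo 'Mail sent.';
    } else {
        echo 'There was an error, check your logs.';
    }
}
```

The form must still submit with `method="post"` to this file for `$_POST` to be populated.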