我在这里遇到问题,我的表单无法使用captcha进行验证,意味着如果验证码为空,表单仍然可以发送到我的数据库,
这是我用于将消息发送到我的数据库的PHP连接代码
<?php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "test";
//Define the database
session_start();
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
//Pick data from table in HTML
$conn = new mysqli($servername, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (empty($name)){
echo '<script>alert("Name cannot be blank. Please insert your name.");
window.history.go(-1);
</script>';
die();
}
if (empty($email)){
echo '<script>alert("Your message has been sent. Thank you for your cooperation.");
window.history.go(-1);
</script>';
die();
}
if (empty($message)){
echo '<script>alert("Please tell us what is in your mind. Thank you.");
window.history.go(-1);
</script>';
die();
}
if(empty($_SESSION['code'] ) ||
strcasecmp($_SESSION['code'], $_POST['code']) != 0)
{
//Note: the captcha code is compared case insensitively.
//if you want case sensitive match, update the check above to
// strcmp()
$errors .= "\n The captcha code does not match!";
}
//Error message of the form
$sql = "INSERT INTO testingdb (Name, Email, Message)
VALUES ('$name', '$email', '$message')";
if($conn->query($sql) === TRUE) {
echo '<script>
alert("Your message has been sent. Thank you for your cooperation.");
</script>';
header("Location: {$_SERVER['HTTP_REFERER']}");
function goback(){
echo '<script>alert("Your message has been sent. Thank you!");</script>';
header("Location: {$_SERVER['HTTP_REFERER']}");
exit;
}
goback();
} else {
echo "Error " . $sql . "<br>" . $conn->error;
}
//Insert data from HTML table to database
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>
$conn->close();
?>
这是我的HTML格式
<form id="contact_form" action="connection.php" method="POST" enctype="multipart/form-data">
<div class="row">
<input id="name" class="input" name="name" type="text" value="" size="30" placeholder="Your Name*" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Name *'" /><br />
</div>
<div class="row" style="margin-top:10px">
<input id="email" class="input" name="email" type="text" value="" size="30" placeholder="Your Email*" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Email *'" /><br />
</div>
<div class="row" style="margin-top:10px">
<textarea id="message" class="input" name="message" rows="7" cols="31" placeholder="Your Messages *" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Messages *'" ></textarea><br />
</div>
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' style="margin-top:10px" ><br>
<input id="code" class="input" name="code" type="text" value="" size="32" placeholder="Your Code Here *" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Code Here *'" style="margin-top:10px"><br>
<p> <button id="submit_button" type="submit" style="cursor:pointer">Submit</button>
<button id="reset_button" type="reset" style="cursor:pointer">Reset</button></p>
</form>
我在编码方面很新,在这里,有人可以帮助我吗?如果我的英语不好,我也很抱歉。 我使用此链接作为示例http://webdesignpub.com/html-contact-form-captcha/
答案 0 :(得分:1)
您需要将$ _SESSION ['code']设置为发送表单时显示的验证码图像,以便在下次检索发布的数据时将其与$ _POST ['code']进行比较请求。
我不确定captcha_code_file.php是做什么的,因为你还没有把它包括在内,但是如果它只是显示随机数,那么如果你改变它可能会有效:
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ...
到
<img src="captcha_code_file.php?rand=<?php echo $_SESSION['code'] = rand(); ?>" id='captchaimg' ...