enquiry.php: restrict a form field to a specific character limit

Time: 2016-05-26 09:04:38

Tags: php forms

I am looking to restrict the enquiry form, specifically the motor vehicle VIN number field, to exactly 17 characters, since a VIN is only 17 characters. Is there a way to modify the following enquiry.php code to enforce this, because users keep getting around the required field with fake VIN numbers:

<?php
// Only process the request if mysite.co.za appears in the HTTP_REFERER header.
// (The referer is supplied by the client and is trivially spoofed, so this is
// not an access control; it only filters accidental direct requests.)
// Original compared the result of strpos() directly, which would wrongly fail
// when the match is at offset 0; comparing against false is the idiomatic form.
if (strpos($_SERVER['HTTP_REFERER'], 'mysite.co.za') !== false) {
    // Verify the reCAPTCHA response before doing anything else
    require_once('recaptchalib.php');
    $privatekey = " ";
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        header("Location: http://www.mysite.co.za/car-electronic-equipment-replacement-error.html");
    } else {
        // Your code here to handle a successful verification
        function spamcheck($field) {
            // filter_var() sanitizes the e-mail address using FILTER_SANITIZE_EMAIL
            $field = filter_var($field, FILTER_SANITIZE_EMAIL);

            // filter_var() validates the e-mail address using FILTER_VALIDATE_EMAIL
            if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
                return TRUE;
            } else {
                return FALSE;
            }
        }
        // check if the email address is invalid
        // (note: spamcheck() is defined here but never called below)
        $to = "info@mysite.co.za";
        $subject = "Key-Soft Enquiry Form";
        $name_field = $_POST['name'];
        $email_field = $_POST['email'];
        $number_field = $_POST['number'];
        $make_field = $_POST['make'];
        $model_field = $_POST['model'];
        $vin_field = $_POST['vin'];          // no length or format check yet
        $location_field = $_POST['location'];
        $locked_field = $_POST['locked'];
        $lostKeys_field = $_POST['lostKeys'];
        $remoteKey_field = $_POST['remoteKey'];
        $info = $_POST['info'];

        $headers  = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        // Original used "=" here, which discarded the two header lines above.
        // Note that $name_field and $email_field are unvalidated user input
        // placed directly into a mail header.
        $headers .= "From: $name_field <$email_field>" . "\r\n" .
                    'X-Mailer: PHP/' . phpversion();

        $body = "From: $name_field\n
        Email Address: $email_field\n
        Phone Number: $number_field\n
        Car Make: $make_field\n
        Year Model: $model_field\n
        Vin Number: $vin_field\n
        Location of vehicle: $location_field\n
        Is the car locked: $locked_field\n
        Are all keys lost: $lostKeys_field\n
        Are they remote keys: $remoteKey_field\n
        Additional Info: $info";

        header("Location: http://www.mysite.co.za/vehicle-security-key-duplication-thank-you.html");
        mail($to, $subject, $body, $headers);
    }
}
?>

2 answers:

Answer 0 (score: 0)

You can validate the form's input before it is submitted (in JavaScript, for example).

You should definitely check your data before processing it in PHP:

Based on the official VIN format, you can use a regular expression to verify that the submitted value is valid:

$vin_field = (string) $_POST['vin'];

// (?1) is a PCRE subroutine call that re-uses the character class of group 1
if (!preg_match('/^(?:([A-HJ-NPR-Z]){3}|\d{3})(?1){2}\d{2}(?:(?1)|\d)(?:\d|X)(?:(?1)+\d+|\d+(?1)+)\d{6}$/', $vin_field)) {
    // the value is not correct, you should not save here
    // consider redirecting the user to the form page with an error
}

There is a Stack Overflow question about validating the VIN format with a regular expression.

For JavaScript form field validation there are many approaches on the Internet.

There is also a Stack Overflow question about it.

Answer 1 (score: 0)

You can check the length of a string with the int strlen ( string $string ) function, so in your case you can check your variable:

// variable name corrected to match $vin_field from the question
if (strlen($vin_field) != 17) {
    // do something (reject the submission, show an error)
}

But I would first validate your variable on the input form, for example using the HTML maxlength attribute:

<input type="text" name="vin" maxlength="17" id="vin">

Then also validate with JavaScript:

<script>
function validate() {
    var submitFlag = true;
    if (document.yourForm.vin.value.length != 17) {
        submitFlag = false;
        alert("invalid length - 17 characters needed!");
    }
    return submitFlag;
}
</script>

and include it in your form tag:

onsubmit="return validate()"
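Both answers come down to the same point: maxlength and the onsubmit handler only help honest users, and anyone submitting fake VINs can bypass them, so the length and format rules must be enforced in enquiry.php before mail() is called. The following is an added example, not code from the question or either answer; it assumes the ISO 3779 layout (17 characters, letters A-Z except I, O and Q) and treats the position-9 check digit as optional, because it is only mandatory on North American vehicles and a South African form should not hard-fail on it.

```php
<?php
// Strict server-side VIN validation. Returns null when valid, otherwise a
// reason string the form can show back to the user instead of sending mail.
function vin_validate(string $vin, bool $requireCheckDigit = false): ?string
{
    // Normalise first: trailing spaces and lower case are not "fake" input.
    $vin = strtoupper(trim($vin));

    if (strlen($vin) !== 17) {
        return 'VIN must be exactly 17 characters';
    }
    // Letters I, O and Q are never used in a VIN (they look like 1 and 0).
    if (!preg_match('/^[A-HJ-NPR-Z0-9]{17}$/', $vin)) {
        return 'VIN may only contain digits and letters other than I, O and Q';
    }
    if ($requireCheckDigit && !vin_check_digit_ok($vin)) {
        return 'VIN check digit (position 9) does not match';
    }
    return null;
}

// ISO 3779 / North American check digit: weighted sum of transliterated
// characters mod 11, with 10 written as "X", must equal character 9.
function vin_check_digit_ok(string $vin): bool
{
    static $values = ['A'=>1,'B'=>2,'C'=>3,'D'=>4,'E'=>5,'F'=>6,'G'=>7,'H'=>8,
        'J'=>1,'K'=>2,'L'=>3,'M'=>4,'N'=>5,'P'=>7,'R'=>9,'S'=>2,'T'=>3,'U'=>4,
        'V'=>5,'W'=>6,'X'=>7,'Y'=>8,'Z'=>9];
    static $weights = [8,7,6,5,4,3,2,10,0,9,8,7,6,5,4,3,2];

    $sum = 0;
    for ($i = 0; $i < 17; $i++) {
        $c = $vin[$i];
        $sum += (ctype_digit($c) ? (int)$c : $values[$c]) * $weights[$i];
    }
    $rem = $sum % 11;
    $expected = ($rem === 10) ? 'X' : (string)$rem;
    return $vin[8] === $expected;
}

// Constructed sample inputs exercising each rule (first one has a valid check digit).
foreach (['1M8GDM9AXKP042788',   // well-formed, check digit X matches
          ' 1m8gdm9axkp042788',  // same VIN, lower case with leading space: normalised
          'ABC123',              // too short
          '1M8GDM9AXKP04278O',   // contains the letter O
          '1M8GDM9A1KP042788'    // position 9 altered: check digit mismatch
         ] as $sample) {
    var_dump(vin_validate($sample, true));
}
```

In enquiry.php this replaces the bare `$vin_field = $_POST['vin'];` line: call vin_validate() on the posted value and redirect to the error page when it returns a non-null reason, so mail() is never reached with an invalid VIN.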