我有一个联系表单,通过电子邮件向我发送提交的联系信息,但有时我会得到一个空的$_POST数组,这导致我收到一封空电子邮件。我使用验证器JavaScript文件来确保输入的字段不为空,并且我收到空电子邮件的唯一方法是$_POST为空。我包含了包含表单,JavaScript文件和PHP文件的代码。
我的表格:
<div class="row contact-wrap">
<div id="error-message" style="display: none;" ><p>ERROR</p></div>
<form id="main-contact-form" class="contact-form" name="contact-form" method="post" action="sendemail.php" data-toggle="validator" role="form">
<div class="col-sm-5 col-sm-offset-1">
<div class="form-group">
<label for="inputname" class="control-label">NAME</label>
<input type="text" name="name" id="inputname" class="form-control" data-error="Name required!" required>
</div>
<div class="form-group">
<label for="inputemail" class="control-label">EMAIL</label>
<input type="email" name="email" id="inputemail" class="form-control" data-error="Email required!" required>
</div>
</div>
<div class="col-sm-5">
<div class="form-group">
<label for="inputsubject" class="control-label">SUBJECT</label>
<input type="text" name="subject" id="inputsubject" class="form-control" data-error="Subject required!" required>
</div>
<div class="form-group">
<label for="inputmessage" class="control-label">MESSAGE</label>
<textarea name="message" id="inputmessage" class="form-control" rows="8" data-error="Message required!" required></textarea>
</div>
<div class="form-group">
<button type="submit" name="submit" class="btn btn-primary btn-lg" required="required">SUBMIT</button>
</div>
</div>
</form>
</div>
<script src="js/main.js"></script>
<script src="js/validator.min.js"></script>
main.js用于验证我的字段的JavaScript文件:
jQuery(function($) {'use strict',
var form = $('#main-contact-form')
var message = $('#error-message')
form.validator().on('submit', function (e) {
if (e.isDefaultPrevented()) {
message.fadeIn();
} else {
e.preventDefault();
$.ajax({
type: "POST",
url: $(this).attr('action'),
data: form.serialize(),
beforeSend: function(){
form.prepend(
message
.html('<p>Sending...</p>')
.fadeIn()
);
}
}).done(function(data){
message.html('<p>' + data.message + '</p>').delay(2000).fadeOut();
form.delay(2000).fadeOut();
console.log("DONE");
});
}
})
});
sendmail.php文件我用来向自己发送表单数据:
<?php
// configure
$from = $_POST['email'];
$sendTo = 'my@email.com';
$fields = array('name' => 'Name', 'email' => 'Email', 'subject' => 'Subject', 'message' => 'Message');
try
{
$emailText = "\n=============================\n";
foreach ($_POST as $key => $value) {
if (isset($fields[$key])) {
$emailText .= "$fields[$key]: $value\n";
}
}
mail($sendTo, $subject, $emailText, "From: " . $from);
$responseArray = array('type' => 'success', 'message' => $okMessage);
}
catch (\Exception $e)
{
$responseArray = array('type' => 'danger', 'message' => $errorMessage);
}
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
$encoded = json_encode($responseArray);
header('Content-Type: application/json');
echo $encoded;
}
else {
echo $responseArray['message'];
}
答案 0 :(得分:1)
sendmail.php无法检查,如果符合这些条件,发送电子邮件或如果不满足这些条件,请不要发送电子邮件。目前,始终会发送电子邮件。
某人或某物(蜘蛛,抓取工具,Googlebot等等)直接访问sendmail.php而未提交表单。检查sendmail.php中的提交:
if(!isset($_POST['submit'])) {
die("Scumbag, use the form!");
}
或检查每个提交的字段,因为有人也可以轻松地将submit或其他字段直接发布到您的脚本中。
对于更强大的内容,请参阅Cross-Site Request Forgeries,这也有助于此。