使用PHP文件

时间:2017-04-05 22:24:39

标签: php html

我在通过电子邮件正确发送邮件表单中的数据时遇到问题。 它对电子邮件消息有些奇怪。

原始表格讯息:

Enter Name: Fake Name
Enter Email Address: fake.name@doesnotexist.com
Enter Message: Email test number 4(four).

Submit
_____________________________________________

我收到的电子邮件:

From: <fake.name@doesnotexist.com>
Subject: <New Form submission>
Reply to: <warnerheston@sungraffix.net>
To: Me <web289portfolio@sungraffix.net>
_____________________________________________

You have received a new message from the user Fake Name.
Here is the message:
Email test number 4(four).web289portfolio@sungraffix.net
_____________________________________________

邮件正文中的电子邮件是“(四).web289portfolio @ sungraffix.net”并加下划线/超链接... STRANGE !!

不支持在所有消息体中都有任何电子邮件地址。用户在消息结束时没有输入电子邮件地址。一些情况下,PHP代码正在将目的地电子邮件地址发送到消息体中,并将​​用户消息的最后“字”附加到用户发送消息时的电子邮件地址。

有人能告诉我我做错了吗?

<?php
if(!isset($_POST['submit']))
{
    //This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];



//Validate first
if(empty($name)||empty($visitor_email)||empty($message)) 
{
    header('Location: contact-form-incomplete.html');
    exit;
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

$email_from = $_POST['email']; //<== update the email address
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n".
    "Here is the message:\n $message".

$to = "web289portfolio@sungraffix.net";//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: contact-thankyou.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}

?> 

这是HTML表单:

<form method="post" name="myemailform" action="form-to-email.php">
        <p>
            <label for='name'><span class='form'>Enter Name:</span></label><br>
            <input type="text" name="name" size="36">
        </p>
        <p>
            <label for='email'><span class='form'>Enter Email Address:</span></label><br>
            <input type="email" name="email" size="36">
        </p>
        <p>
            <label for='message'><span class='form'>Enter Message:</span></label> <br>
            <textarea name="message" cols='48' rows='9' maxlength='300'></textarea>
        </p>
    <input type="submit" name='submit' value="submit">&nbsp;&nbsp;&nbsp;<input type="reset">
</form>

1 个答案:

答案 0 :(得分:0)

仔细查看$email_body上的代码,您实际上将$email_body$to连接起来。 .末尾的串联$email_body应为;