我的表单输入验证无效,因为我希望它能够正常工作。
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'From: Kontaktformular';
$to = 'meine@mail.de';
$subject = 'Kontaktformular';
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
在本部分中,我尝试验证输入:
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if ($email === FALSE) {
echo 'Invalid email';
exit(1);
}
$body = str_replace("\n.", "\n..", $body);
现在我尝试发送邮件,如果输入不是NULL:
if(isset($_POST['Submit'])) {
if (mail ($to, $subject, $body, $from)) {
echo '<p>Message was sent!</p>';
} else {
echo '<p>Something went wrong :( Please try again</p>';
}
} else {
die ("Direct access not allowed!");
}
?>
我的问题是,我的代码返回“无效的电子邮件”或“不允许直接访问!”,但我不确定我做错了什么。
我的HTML表单:
<form method="post" action="php-contact.php" class="animated fadeIn">
<label>Name</label>
<input name="name" placeholder="Name">
<label>E-Mail</label>
<input name="email" type="email" placeholder="E-Mail, zum antworten…">
<label>Nachricht</label>
<textarea name="message" placeholder="Nachricht…"></textarea>
<input id="submit" name="submit" type="submit" value="Absenden">
</form>
我尝试使用这些代码示例: Proper prevention of mail injection in PHP
答案 0 :(得分:0)
除了您使用的误导性错误消息之外,这是您的问题:
isset($_POST['Submit'])
因为表单输入是:
<input name="submit">
这些都是区分大小写的。
print_r($_POST);看看你到底得到了什么。isset()。超越有用的通知绝不是一个好策略。答案 1 :(得分:0)
您正在以错误的顺序进行处理。在尝试分配变量然后习惯于构造消息之前,首先需要检查POSTed数据中是否存在各种表单字段。
<?php
/* test METHOD and if fields are present in POST array */
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'], $_POST['name'], $_POST['email'], $_POST['message'] ) ){
/* do some sanitation and validation on user input */
$name=filter_input( INPUT_POST, 'name', FILTER_SANITIZE_STRING );
$email=filter_var( filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL ), FILTER_VALIDATE_EMAIL );
$message=filter_input( INPUT_POST, 'name', FILTER_SANITIZE_STRING );
/* if the sanitation and validation succeeds, continue processing */
if( $name && $email && $message ){
$from = 'From: Kontaktformular';
$to = 'meine@mail.de';
$subject = 'Kontaktformular';
$body = "From: $name\nE-Mail: $email\nMessage:\n $message";
$status=mail( $to, $subject, $body, $from );
echo $status ? '<p>Message was sent!</p>' : '<p>Something went wrong :( Please try again</p>';
} else {
echo "bogus!"
}
} else {
die("Direct access not allowed!");
}
?>
答案 2 :(得分:0)
这是另一个如何构建此验证脚本的示例。注意我建议将邮件正文发送为text / plain,以便您的电子邮件客户端不会解释任何虚假的HTML。此外,我还添加了一些最大长度检查,以便用户无法提交任意长度的数据。
<?php
// check request method
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
throw new \RuntimeException('Invalid request method');
}
// get all input vars
$name = isset($_POST['name']) ? $_POST['name'] : null;
$email = isset($_POST['email']) ? $_POST['email'] : null;
$message = isset($_POST['message']) ? $_POST['message'] : null;
// validate values
if (empty($name) || empty($email) || empty($message)) {
throw new \RuntimeException('Invalid values provided');
}
if (strlen($name) > 64) {
throw new \RuntimeException('Name can have max 64 chars');
}
if (strlen($email) > 32) {
throw new \RuntimeException('Email can have max 32 chars');
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
throw new \RuntimeException('Invalid email format');
}
if (strlen($message) > 1023) {
throw new \RuntimeException('Message can have max 1023 chars');
}
// send mail
$headers = "From: your@email.com" . "\r\n";
$headers.= "Content-Type: text/plain";
$to = "meine@mail.de";
$subject = "Kontaktformular";
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
if (mail($to, $subject, $body, $headers)) {
echo '<p>Message was sent!</p>';
} else {
echo '<p>Something went wrong :( Please try again</p>';
}