PHP form is submitted without validation

Time: 2018-09-08 12:50:48

Tags: php

My form is being submitted without validation. I have a dropdown, and the text inputs are enabled according to the number selected. When I click submit, the form is submitted without being validated. You can check the live site http://www.estampdutyrefund.com. I have also attached a screenshot of what the URL looks like after the form is submitted.

My HTML code

      <?php include("mail/challan.php"); ?>
      <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="challan_form" role="POST">
      <p class="text-black mb-4">How many challan do you need refund for?</p>         
      <select class="btn btn-primary btn-lg" id="selection" onchange="showchallan()">
      <option>1</option>
      <option>2</option>
      <option>3</option>
      <option>4</option>
      <option>5</option>
      </select>
      <div id="challanDiv">
      <p class="text-black mb-4 no-bottom">Enter the challan amount:</p>
      <p class="text-black">(STAMP DUTY + REGISTRATION)</p>
      <div class="row text-center">
      <div class="col-md-4 mx-auto">
      <div class="md-form">
          <div id="ch1"><label class="col-form-label">Challan 1</label>
      <input type="text" id="enable1" class="form-control" placeholder="Min Rs.30,000" name="challan1" value="<?= $challan_1;?>" onkeypress="return isNumber()" <?php if(!empty($challan_error)): ?> autofocus <?php endif; ?> />
      <span class="errors"><?php echo $challan_error;?></span>
          </div>
          <div id="ch2"><label class="col-form-label">Challan 2</label>
      <input type="text" id="enable2" class="form-control" placeholder="Min Rs.30,000" name="challan2" value="<?= $challan_2;?>" onkeypress="return isNumber()" <?php if(!empty($challan_error)): ?> autofocus <?php endif; ?> />
      <span class="errors"><?php echo $challan_error;?></span>
          </div>
          <div id="ch3"><label class="col-form-label">Challan 3</label>
      <input type="text" id="enable3" class="form-control" placeholder="Min Rs.30,000" name="challan3" value="<?= $challan_3;?>" onkeypress="return isNumber()" <?php if(!empty($challan_error)): ?> autofocus <?php endif; ?> />
      <span class="errors"><?php echo $challan_error;?></span>
          </div>
          <div id="ch4"><label class="col-form-label">Challan 4</label>
      <input type="text" id="enable4" class="form-control" placeholder="Min Rs.30,000" name="challan4" value="<?= $challan_4;?>" onkeypress="return isNumber()" <?php if(!empty($challan_error)): ?> autofocus <?php endif; ?> />
      <span class="errors"><?php echo $challan_error;?></span>
          </div>
          <label class="col-form-label">Name</label>
      <input type="text" class="form-control" placeholder="Your Name" name="name" value="<?= $name;?>" <?php if(!empty($name_error)): ?> autofocus <?php endif; ?>/>
      <span class="errors"><?php echo $name_error;?></span>
          <label class="col-form-label">Email</label>
      <input type="email" class="form-control" placeholder="Your Email" name="email" value="<?= $email;?>" <?php if(!empty($email_error)): ?> autofocus <?php endif; ?>/>
      <span class="errors"><?php echo $email_error;?></span>
          <label class="col-form-label">Mobile</label>
          <input type="text" minlength="10" maxlength="10" class="form-control" placeholder="Your Number" name="mobile" onkeypress="return isNumber()" value="<?= $phone;?>" <?php if(!empty($phone_error)): ?> autofocus <?php endif; ?>/>
          <span class="errors"><?php echo $phone_error;?></span>
      <button class="btn btn-primary btn-xl m-4" type="submit" name="submit" form="challan_form" value="submit" >Submit</button>
    </div>
          </div>
          </div>
          </div>
    </form>

This is challan.php

<?php
// define variables and set to empty values
$name_error = $email_error = $phone_error = $challan_error = "";
$name = $email = $phone = $challan_1 = $challan_2 = $challan_3 = $challan_4 = $success = "";
$minchallan = 29999;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["challan1"])) {
        $challan_error = "*Enter Challan Amount";
    } else {
        $challan_1 = test_input($_POST["challan1"]);
        // check if Challan Amount more than 30k
        if ($challan_1 <= $minchallan) {
            $challan_error = "*Minimum Amount is 30000";
        }
    }
        if (empty($_POST["challan2"])) {
        $challan_error = "*Enter Challan Amount";
    } else {
        $challan_2 = test_input($_POST["challan2"]);
        // check if Challan Amount more than 30k
        if ($challan_2 <= $minchallan) {
            $challan_error = "*Minimum Amount is 30000";
        }
    }
        if (empty($_POST["challan3"])) {
        $challan_error = "*Enter Challan Amount";
    } else {
        $challan_3 = test_input($_POST["challan3"]);
        // check if Challan Amount more than 30k
        if ($challan_3 <= $minchallan) {
            $challan_error = "*Minimum Amount is 30000";
        }
    }
        if (empty($_POST["challan4"])) {
        $challan_error = "*Enter Challan Amount";
    } else {
        $challan_4 = test_input($_POST["challan4"]);
        // check if Challan Amount more than 30k
        if ($challan_4 <= $minchallan) {
            $challan_error = "*Minimum Amount is 30000";
        }
    }
    if (empty($_POST["name"])) {
        $name_error = "*Name is required";
    } else {
        $name = test_input($_POST["name"]);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
            $name_error = "*Only letters and white space allowed";
        }
    }
    if (empty($_POST["email"])) {
        $email_error = "*Email is required";
    } else {
        $email = test_input($_POST["email"]);
        // check if e-mail address is well-formed
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $email_error = "*Invalid email format";
        }
    }
    if (empty($_POST["mobile"])) {
        $phone_error = "*Phone is required";
    } else {
        $phone = test_input($_POST["mobile"]);
        // check if Phone Number is well-formed
        if (!preg_match("/^[789]\d{9}$/i",$phone)) {
            $phone_error = "*Invalid phone number";
        }
    }

    if ($name_error == '' and $email_error == '' and $phone_error =='' and $challan_error ==''){
        $message_body = '';
        unset($_POST['submit']);
        foreach ($_POST as $key => $value){
            $message_body .=  "$key: $value\n";
        }

        $to = 'info@estampdutyrefund.com';
        $subject = 'Challan Order';
        $body = "\n Challan 1: $challan_1\n Challan 2: $challan_2\n Challan 3: $challan_3\n Challan 4: $challan_4\n Name: $name\n Email: $email\n Phone: $phone\n";
        $challansent = mail($to, $subject, $body);
        if ($challansent){
            $success = "Message sent, thank you for contacting us!";
            echo "<script type='text/javascript'>alert('$success');</script>";
            $name = $email = $phone = $challan_1 = $challan_2 = $challan_3 = $challan_4 = '' ;
        } else {
            // only report an error when mail() actually failed
            echo "Error";
        }
    }

}
function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
?>

1 answer:

Answer 0 (score: 1)

Check your HTML form tag. I think you are missing the "method" attribute, which should look like:

  <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="challan_form" method="post">
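Why the missing attribute matters: a `<form>` without `method="post"` defaults to GET, so the browser puts the fields in the query string (the URL in the question's screenshot) and `$_SERVER["REQUEST_METHOD"] == "POST"` in challan.php is never true, so none of the validation runs. The client-side pieces (`onkeypress="return isNumber()"`, inputs enabled or disabled by the dropdown) are only conveniences; anyone can submit any fields with any method directly. The following is an added example of a server-side handler written for this answer, not code from the original page or the site it discusses. It assumes the `<select>` is given `name="count"` (in the posted HTML it has no `name`, so the chosen number is never sent to the server), that the amount fields are named `challan1` to `challan5`, and PHP 7 or later. It refuses non-POST requests, validates only the number of challans actually requested, and uses `FILTER_VALIDATE_INT` with a minimum so that values like `30000abc` or `1e9`, which a loose `<= 29999` comparison lets through, are rejected; the mail body is then built only from validated values rather than by looping over raw `$_POST`.

```php
<?php
// Added example: strict server-side validation for the challan form.
// Assumes the <select> is named "count" and the amounts are challan1..challan5
// (assumptions; the page's form uses no name on the select).
declare(strict_types=1);

const MIN_CHALLAN = 30000;
const MAX_CHALLANS = 5;

/**
 * Validate one submission. Returns
 * ['ok' => bool, 'errors' => [field => message], 'data' => [field => clean value]].
 * $method is $_SERVER['REQUEST_METHOD'] and $post is $_POST in real use.
 */
function validate_challan_request(string $method, array $post): array
{
    $errors = [];
    $data = [];

    // A form without method="post" submits via GET. Refuse it explicitly
    // instead of silently skipping validation as the original handler does.
    if (strtoupper($method) !== 'POST') {
        return ['ok' => false, 'errors' => ['_request' => 'POST required'], 'data' => []];
    }

    // Number of challans the user asked to enter, validated as an int in 1..5.
    $count = filter_var($post['count'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_CHALLANS]]);
    if ($count === false) {
        $errors['count'] = '*Select how many challans (1-' . MAX_CHALLANS . ')';
        $count = 0;
    }
    $data['count'] = $count;

    // Check exactly the fields the count calls for. FILTER_VALIDATE_INT rejects
    // non-integers such as "30000abc" and "1e9"; min_range enforces the minimum.
    for ($i = 1; $i <= $count; $i++) {
        $key = "challan$i";
        $raw = trim((string)($post[$key] ?? ''));
        if ($raw === '') {
            $errors[$key] = '*Enter Challan Amount';
            continue;
        }
        $amount = filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => MIN_CHALLAN]]);
        if ($amount === false) {
            $errors[$key] = '*Minimum Amount is ' . MIN_CHALLAN . ' (whole rupees)';
            continue;
        }
        $data[$key] = $amount;
    }

    $name = trim((string)($post['name'] ?? ''));
    if ($name === '') {
        $errors['name'] = '*Name is required';
    } elseif (!preg_match('/^[a-zA-Z ]{1,100}$/', $name)) {
        $errors['name'] = '*Only letters and white space allowed';
    } else {
        $data['name'] = $name;
    }

    $email = trim((string)($post['email'] ?? ''));
    if ($email === '') {
        $errors['email'] = '*Email is required';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = '*Invalid email format';
    } else {
        $data['email'] = $email;
    }

    // Same Indian mobile pattern as the original handler: 10 digits, first 7-9.
    $phone = trim((string)($post['mobile'] ?? ''));
    if ($phone === '') {
        $errors['mobile'] = '*Phone is required';
    } elseif (!preg_match('/^[789]\d{9}$/', $phone)) {
        $errors['mobile'] = '*Invalid phone number';
    } else {
        $data['mobile'] = $phone;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $data];
}

// Build the mail body from validated values only, never from raw $_POST keys.
function build_mail_body(array $data): string
{
    $lines = [];
    for ($i = 1; $i <= $data['count']; $i++) {
        $lines[] = "Challan $i: " . $data["challan$i"];
    }
    $lines[] = 'Name: ' . $data['name'];
    $lines[] = 'Email: ' . $data['email'];
    $lines[] = 'Phone: ' . $data['mobile'];
    return implode("\n", $lines) . "\n";
}

// Constructed sample submissions (not real traffic).
// 1. What the page's form actually sends: a GET request, now rejected.
print_r(validate_challan_request('GET', ['challan1' => '50000']));
// 2. "30000abc" is not an integer; "29999" is below the minimum.
print_r(validate_challan_request('POST', [
    'count' => '2', 'challan1' => '30000abc', 'challan2' => '29999',
    'name' => 'A Name', 'email' => 'a@example.com', 'mobile' => '9876543210',
]));
// 3. A valid request; only here would mail() be called.
$good = validate_challan_request('POST', [
    'count' => '2', 'challan1' => '45000', 'challan2' => '30000',
    'name' => 'A Name', 'email' => 'a@example.com', 'mobile' => '9876543210',
]);
if ($good['ok']) {
    echo build_mail_body($good['data']);
}
```

In the real handler, replace the constructed calls with `validate_challan_request($_SERVER['REQUEST_METHOD'], $_POST)` and only call `mail()` when `ok` is true. Keep `method="post"` on the form as the answer says, but treat it as a usability fix, not a security control: the method check and the per-field validation above are what actually stop an unvalidated submission.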