PHP filter fails

Time: 2011-03-12 17:39:32

Tags: php validation

In the following code, the email sanitization and validation:

if ($_POST['email'] != "") {
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
    }
} else {
    $errors .= 'Please enter your email address.<br/>';
}

allows:

ck @ //// bushidodee / xom

New to filters, and I don't understand why this isn't being sanitized?

Full code:

<?php
     if (isset($_POST['Submit'])) {

        if ($_POST['name'] != "") {
            $_POST['name'] = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
            if ($_POST['name'] == "") {
                $errors .= 'Please enter a valid name.<br/><br/>';
            }
        } else {
            $errors .= 'Please enter your name.<br/>';
        }

        if ($_POST['email'] != "") {
            $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
            }
        } else {
            $errors .= 'Please enter your email address.<br/>';
        }

        if ($_POST['homepage'] != "") {
            $homepage = filter_var($_POST['homepage'], FILTER_SANITIZE_URL);
            if (!filter_var($homepage, FILTER_VALIDATE_URL)) {
                $errors .= "$homepage is <strong>NOT</strong> a valid URL.<br/><br/>";
            }
        } else {
            $errors .= 'Please enter your home page.<br/>';
        }

        if ($_POST['message'] != "") {
            $_POST['message'] = filter_var($_POST['message'], FILTER_SANITIZE_STRING);
            if ($_POST['message'] == "") {
                $errors .= 'Please enter a message to send.<br/>';
            }
        } else {
            $errors .= 'Please enter a message to send.<br/>';
        }

        if (!$errors) {
            // $mail_to = 'me@somewhere.com';
            //             $subject = 'New Mail from Form Submission';
            //             $message  = 'From: ' . $_POST['name'] . "\n";
            //             $message .= 'Email: ' . $_POST['email'] . "\n";
            //             $message .= 'Homepage: ' . $_POST['homepage'] . "\n";
            //             $message .= "Message:\n" . $_POST['message'] . "\n\n";
            //             mail($to, $subject, $message);
            print_r($_POST);
            echo "Thank you for your email!<br/><br/>";
        } else {
            echo '<div style="color: red">' . $errors . '<br/></div>';
        }
    }
?>

<form name="form1" method="post" action="form-email.php">
    Name: <br/>
    <input type="text" name="name" value="<?php echo $_POST['name']; ?>" size="50" /><br/><br/>
    Email Address: <br/>
    <input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/> <br/><br/>
    Home Page: <br/>
    <input type="text" name="homepage" value="<?php echo $_POST['homepage']; ?>" size="50" /> <br/><br/>
    Message: <br/>
    <textarea name="message" rows="5" cols="50"><?php echo $_POST['message']; ?></textarea>
    <br/>
    <input type="submit" name="Submit" value="Submit Form Data" />
</form> 

2 answers:

Answer 0: (score: 1)

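Hmm, I don't get your problem: you first sanitize the input from $_POST and store it in $email; if you print that var, you will see it is ck@bushidodeexom, and then you validate the sanitized input - of course it passes.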

Answer 1: (score: 1)

Try this...

<?php
if ($_POST['email'] != "") {
    $_POST['email'] = stripslashes(trim($_POST['email']));
    $tmpEmail = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (filter_var($tmpEmail, FILTER_VALIDATE_EMAIL) == TRUE) {
    } else {
        $errors .= "Invalid Email";
    }
} else {
    $errors .= "Please enter email";
}
?>
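
The effect the first answer describes, shown as an added example that is not part of the original question or answers: validating a sanitized copy accepts an address the user never typed, while validating the trimmed raw value rejects it. The function names and sample addresses are constructed for illustration.

```php
<?php
// Added example, not the asker's code. All sample inputs are constructed.

/** Pattern from the page: sanitize first, then validate the sanitized copy. */
function validate_email_sanitize_first(string $raw): ?string
{
    // FILTER_SANITIZE_EMAIL silently drops characters that are illegal in an
    // address, so the validator below never sees what was submitted.
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
    return filter_var($clean, FILTER_VALIDATE_EMAIL) === false ? null : $clean;
}

/** Stricter variant: validate what was submitted, after trimming whitespace. */
function validate_email_strict(string $raw): ?string
{
    $candidate = trim($raw);
    return filter_var($candidate, FILTER_VALIDATE_EMAIL) === false ? null : $candidate;
}

/** Build the error text; the rejected value is escaped before it reaches HTML. */
function email_error(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
        . ' is <strong>NOT</strong> a valid email address.<br/>';
}

$samples = [
    'ck@//bushidodee/.com', // slashes are removed by the sanitizer
    'ck@bushidodee.com',    // already well-formed
    'not an address',       // invalid with or without sanitizing
];

foreach ($samples as $raw) {
    $loose  = validate_email_sanitize_first($raw);
    $strict = validate_email_strict($raw);
    printf(
        "%-22s sanitize-first: %-20s strict: %s\n",
        $raw,
        $loose  ?? '(rejected)',
        $strict ?? '(rejected)'
    );
    if ($strict === null) {
        echo '  ' . email_error($raw) . "\n";
    }
}
```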