发送前检查表单中的URL(服务器端)

时间:2019-03-25 05:00:35

标签: javascript html smarty

我有以下代码,用于在表单提交后于服务器端进行检查。如果可能,我还想加入对消息中 URL 的检查:如果消息中包含 URL,则阻止该消息被发送。

// Handle the contact form only when the three required fields are non-empty and $go
// is truthy. `== TRUE` is a loose comparison, so any truthy $go value passes.
// NOTE(review): !empty() is also true for a non-empty array (e.g. name[]=x), so the
// values below are not guaranteed to be strings; whether Filter::no_html() copes
// with that is not shown here.
if (!empty($_POST['name']) && !empty($_POST['fromemail']) && !empty($_POST['message']) && $go == TRUE)
{
    //data has been filled
    // Filter::no_html() is defined elsewhere; presumably it strips HTML markup -- confirm.
    // NOTE(review): start_dt and end_dt are not covered by the !empty() guard above, so
    // a request that omits them reads an undefined index on these lines.
    $name = Filter::no_html($_POST['name']);
    $from = Filter::no_html($_POST['fromemail']);
    $start_dt = Filter::no_html($_POST['start_dt']);
    $end_dt = Filter::no_html($_POST['end_dt']);
    $comments = Filter::no_html($_POST['message']);
    // Each validator receives the filtered value and the message to report on failure;
    // the outcome is read back through $validate->isError() below.
    $validate->isEmpty($name, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_YOUR_NAME);
    $validate->isEmpty($from, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_YOUR_EMAIL);
    // NOTE(review): if $from is later placed in a mail header, confirm that
    // isSingleEmail() rejects CR/LF characters -- its implementation is not shown.
    $validate->isSingleEmail($from, LANG_JAVASCRIPT_PLEASE_ENTER_EMAIL);
    $validate->isEmpty($start_dt, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_START_DATE);
    $validate->isEmpty($end_dt, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_END_DATE);
    $validate->isEmpty($comments, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_YOUR_MESSAGE);
    $modules->call_hook('contact_owner_submit', ''); // Call any module functions
    // `@` hides the notice for a missing key and (int) turns a missing or non-numeric
    // value into 0. The cast only fixes the type: these ids still come from the client,
    // so whatever uses them must check that the owner and listing exist and match.
    $id = (int) @$_POST['ownerid'];
    $vehicle = (int) @$_POST['listingid'];

    // Taken when a validator above reported a failure; the branch body is cut off
    // in this excerpt.
    if ($validate->isError())
    {

1 个答案:

答案 0 :(得分:1)

您可以使用 stristr 函数在消息字符串中不区分大小写地搜索特定的子串。请注意,这只是简单的子串匹配:不含 http 或 www. 的链接(例如裸域名)不会被检测到,而恰好包含这些字符的普通文本则会被误判:

// Case-insensitive substring heuristic: the message is flagged when it contains
// "http" or "www." anywhere. It catches typical pasted links only -- a bare domain
// such as "example.com" is not matched, and ordinary text containing "http" is.
$has_url = stripos($comments, 'http') !== false
  || stripos($comments, 'www.') !== false;
if ($has_url) {
  // prevent submit
  // (this has to happen on the server; a browser-side check can be skipped by the sender)
}

更多有关stristr方法的信息: https://www.php.net/manual/en/function.strstr.php

因此您的代码应如下所示:

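// Process the contact form only when the required fields are non-empty and $go is
// truthy (`== TRUE` is a loose comparison).
if (!empty($_POST['name']) && !empty($_POST['fromemail']) && !empty($_POST['message']) && $go == TRUE) {

  // Link check on the raw message. !empty() also passes for an array
  // (message[]=...), and stripos() raises a TypeError for an array on PHP 8, so
  // anything that is not a plain string is rejected instead of being scanned.
  $raw_message = $_POST['message'];
  $is_text = is_string($raw_message);

  // Substring heuristic only: it flags "http" and "www." in any letter case. Bare
  // domains are not detected and ordinary text containing "http" is flagged, so
  // treat this as a spam filter, not as a guarantee that no link gets through.
  $has_url = $is_text
    && (stripos($raw_message, 'http') !== false || stripos($raw_message, 'www.') !== false);
  $reject_message = !$is_text || $has_url;

  // Filter::no_html() is defined elsewhere; presumably it strips HTML markup -- confirm.
  $name = Filter::no_html($_POST['name']);
  $from = Filter::no_html($_POST['fromemail']);
  $start_dt = Filter::no_html($_POST['start_dt']);
  $end_dt = Filter::no_html($_POST['end_dt']);
  $comments = Filter::no_html($_POST['message']);
  $validate->isEmpty($name, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_YOUR_NAME);
  $validate->isEmpty($from, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_YOUR_EMAIL);
  $validate->isSingleEmail($from, LANG_JAVASCRIPT_PLEASE_ENTER_EMAIL);
  $validate->isEmpty($start_dt, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_START_DATE);
  $validate->isEmpty($end_dt, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_END_DATE);
  $validate->isEmpty($comments, LANG_JAVASCRIPT_PLEASE_ENTER . " " . LANG_YOUR_MESSAGE);
  $modules->call_hook('contact_owner_submit', ''); // Call any module functions
  // (int) only fixes the type; the ids still come from the client.
  $id = (int) @$_POST['ownerid'];
  $vehicle = (int) @$_POST['listingid'];

  // A flagged message takes the same branch as a failed validation. The code that
  // actually sends the message is not shown on the page; it must stay outside this
  // branch so that it is skipped whenever either condition is true.
  if ($reject_message || $validate->isError()) {
    // whatever goes here
  }
}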