我刚刚建立了第一个带有验证的PHP联系表单,但无论如何都在发送电子邮件。我一定错过了什么。有谁能发现它?
<?php if($_SESSION['instance'] == '1') {
$email = $_POST['ENQemail'];
$firstname = $_POST['ENQfirst_name'];
$lastname = $_POST['ENQlast_name'];
$message = $_POST['ENQmessage'];
$secword = $_POST['ENQsecword'];
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
$ERRemail = 'invalid email address';
}
if (strlen($firstname < 2)) {
$ERRfirstname = 'Please enter your first name';
}
if (strlen($lastname < 2)) {
$ERRlastname = 'Please enter your surname';
}
if (strlen($message < 50)) {
$ERRmessage = 'Your message must be at least 50 characters';
}
if ($secword == $_SESSION['instance']) {
$ERRsecword = 'Your security word did not match the image';
}
else {
$to = "enquire@divethegap.com";
$subject = "DTG Enquiry - ".$firstname." ".$lastname ;
$message = $message;
$headers = "From: ".$firstname." ".$lastname." ".$email. "\r\n" .
"Content-type: text/html" . "\r\n";
mail($to, $subject, $message, $headers);
}
}
?>
有什么想法吗?
答案 0 :(得分:0)
您正在进行所有相互独立的验证,如果安全图像正确无论是否所有其他内容都通过了检查,您都会发送电子邮件,因为您发送电子邮件的else与之匹配if ($secword == $_SESSION['instance']) {
您可以执行以下操作之一:
将所有if更改为elseif s,以便仅当所有检查通过时才会发送最后else(发送电子邮件)输入
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
$ERRemail = 'invalid email address';
}
elseif (strlen($firstname < 2)) {
$ERRfirstname = 'Please enter your first name';
}
elseif (strlen($lastname < 2)) {
$ERRlastname = 'Please enter your surname';
}
elseif (strlen($message < 50)) {
$ERRmessage = 'Your message must be at least 50 characters';
}
elseif ($secword == $_SESSION['instance']) {
$ERRsecword = 'Your security word did not match the image';
}
else {
$to = "enquire@divethegap.com";
$subject = "DTG Enquiry - ".$firstname." ".$lastname ;
$message = $message;
$headers = "From: ".$firstname." ".$lastname." ".$email. "\r\n" . "Content-type: text/html" . "\r\n";
mail($to, $subject, $message, $headers);
}
设置一个标志,指示是否有任何检查失败。最后,如果一切顺利,只发送电子邮件:
$isValid = true;
if(invalidEmail){
$isValid =false;
}
if(invalidName){
$isValid =false;
}
//finally send mail if all validation passed
if($isValid) {
//send email
}
答案 1 :(得分:0)
底部是逻辑的固定版本。你错过了“别的如果”。
以下一行看起来应该检查不等式,但这取决于你的代码,所以你会更清楚:
if ($secword == $_SESSION['instance'])
以下是完整修复:
<?php if($_SESSION['instance'] == '1') {
$email = $_POST['ENQemail'];
$firstname = $_POST['ENQfirst_name'];
$lastname = $_POST['ENQlast_name'];
$message = $_POST['ENQmessage'];
$secword = $_POST['ENQsecword'];
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
$ERRemail = 'invalid email address';
}
else if (strlen($firstname < 2)) {
$ERRfirstname = 'Please enter your first name';
}
else if (strlen($lastname < 2)) {
$ERRlastname = 'Please enter your surname';
}
else if (strlen($message < 50)) {
$ERRmessage = 'Your message must be at least 50 characters';
}
else if ($secword == $_SESSION['instance']) {
$ERRsecword = 'Your security word did not match the image';
}
else {
$to = "enquire@divethegap.com";
$subject = "DTG Enquiry - ".$firstname." ".$lastname ;
$message = $message;
$headers = "From: ".$firstname." ".$lastname." ".$email. "\r\n" .
"Content-type: text/html" . "\r\n";
mail($to, $subject, $message, $headers);
}
}
?>
答案 2 :(得分:0)
包含电子邮件发送代码的else语句仅与之前的 if语句相关联。这意味着,只有当$secword == $_SESSION['instance']评估为false时,不才会被调用。其他验证检查是否成功无关紧要。
一种策略是通过将它们存储在数组中来跟踪发生的所有错误。如果数组为空,那么您知道所有字段都正常,并且发送电子邮件是安全的:
$errors = array();
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
$errors[] = 'invalid email address';
}
if (strlen($firstname < 2)) {
$errors[] = 'Please enter your first name';
}
//...
if (count($errors) == 0){
//send the email
mail(...);
} else {
//display the error messages
}
你的代码看起来不错!以下是其他一些建议:
为了在PHP中使用会话,你
必须先致电session_start()
功能。这应该是PHP脚本的第一件事。
ereg()功能
已在最新版本的PHP中弃用。这意味着可以在将来的PHP版本中删除该函数。建议您改用preg_match()功能(请注意使用
preg_match(),正则表达式字符串必须
以/字符开头和结尾。