我正在尝试使用隐藏字段技巧阻止使用我的一个表单的垃圾邮件,但由于某种原因它不起作用。当我填写应该留空的字段时,表单就像正常一样提交。
我的php有问题吗? (我认为这就是我的问题所在): 这是验证隐藏字段的代码(请参阅表单顶部):
if(!empty($_POST['email'])){ die('Stop Spamming'); }
这是完整的php表单:
<?
session_start();
include("verification_image.class.php");
$image = new verification_image();
if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {
header('Location: http://www.domain.com/fail.htm');
exit;
}
if(!empty($_POST['email'])){ die('Stop Spamming'); }
$to = "email@domain.co.za";
$bcc = "email@domain.co.za";
$from = $_POST['contactemail'];
$subject = "INTERESTED ADVERTISER";
$sbody = '<table width="420" height="135" border="0" align="center"
cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="90" colspan="5"><div align="center">Reservation &
Enquiries Submission Form </div></td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Full Name</span></td>
<td width="180" valign="top">'.$_POST['contactname'].'</td>
<td width="42"> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Contact number</span></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
<td> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Email</span></td>
<td valign="top">'.$_POST['contactemail'].'</td>
<td> </td>
</tr>
<tr>
<td height="35" colspan="3" align="center" valign="bottom"><span
class="style7">Query</span></td>
<td colspan="2" rowspan="2"
valign="middle">'.$_POST['contactquery'].'</td>
</tr>
<tr>
<td width="84" height="108" align="center" valign="middle">
<!--DWLayoutEmptyCell--> </td>
<td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&
nbsp;</td>
<td width="17"> </td>
</tr>
<tr>
<td height="17"></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>';
$sBodyNew = '<style type="text/css">
<!--
.style {
font-family: Arial;
font-size: 12px;
color: #4D241E;
}
body {
background-image: url();
background-color: #F1EAE4;
}
.style1 {font-size: 14px}
-->
</style>
<p> </p>
<table width="420" border="0" align="center" cellpadding="0" cellspacing="5">
<tr>
<td><table width="100%" border="0" cellpadding="8" cellspacing="0" bgcolor="#E7D3AF"
class="style">
<tr>
<td colspan="2" valign="top"><div align="center"><strong><span
class="style1">Website Deal</span><br>
.................................................................</strong><br>
</div></td>
</tr>
<tr>
<td width="32%" valign="top"><div align="left"><strong>Date Submitted</strong>
</div></td>
<td width="68%" valign="top">'. date("F j, Y, g:i a") .'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Name</strong></div></td>
<td valign="top">'.$_POST['contactname'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Contact Number</strong></div></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Email</strong></div></td>
<td valign="top">'.$_POST['contactemail'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Query</strong></div></td>
<td valign="top">'.$_POST['contactquery'].'</td>
</tr>
</table></td>
</tr>
</table>
';
$headers = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($to, $subject, $sBodyNew, $headers);
header('Location: http://www.domain.com/success.htm');
?>
这是我在HTML表单中添加的内容:
<label>
<input type="text" class="email" name="email" id="email" />
</label>
以下是HTML表单:
<form action="process_advertise.php" method="post" name="order"
onSubmit="MM_validateForm('contactname','','R','contactnumber','','R','contactemail',
'','RisEmail','validate','','R','contactquery','','R');return document.MM_returnValue">
<input name="success" type="hidden"
value=http://www.domain.com/success.htm>
<table width="465" border="0" cellspacing="0" cellpadding="0">
<!--DWLayoutTable-->
<tr>
<td width="465" height="387" valign="top"><span class="style66">NAME:
<input name="contactname" type="text" id="contactname" />
</span><br />
<span class="style66">CONTACT NUMBER:</span>
<input name="contactnumber" type="text" id="contactnumber" />
<br />
<span class="style66">EMAIL:
<input name="contactemail" type="text" id="contactemail" />
</span><br />
<span class="style66">QUERY:</span>
<textarea name="contactquery" cols="40" rows="8"
id="contactquery"></textarea>
<br />
<br />
<input type="text" class="email" name="email" id="email" />
<br />
<br />
<img src="picture.php" /><br />
<span class="style57 style16"><em>Please enter character<br />
as listed above</em></span><br />
<input name="validate" type="text" id="validate" />
<br />
<input type="reset" name="button2" id="button2" value="Reset" />
<input type="submit" name="button" id="button" value="Submit" /></td>
</tr>
</table>
</form>
任何人都知道我做错了什么?
=============================================== ======================== 解决问题:
好的伙计们...我已经再次测试了这个表格并且它现在正在运行! 我不是为什么它不能提前工作,但对于那些喜欢知道的人...我的所有编码都是正确的,除了我从我的进程php表单中删除了这段代码:
$sbody = '<table width="420" height="135" border="0" align="center"
cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="90" colspan="5"><div align="center">Reservation &
Enquiries Submission Form </div></td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Full Name</span></td>
<td width="180" valign="top">'.$_POST['contactname'].'</td>
<td width="42"> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Contact number</span></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
<td> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Email</span></td>
<td valign="top">'.$_POST['contactemail'].'</td>
<td> </td>
</tr>
<tr>
<td height="35" colspan="3" align="center" valign="bottom"><span
class="style7">Query</span></td>
<td colspan="2" rowspan="2"
valign="middle">'.$_POST['contactquery'].'</td>
</tr>
<tr>
<td width="84" height="108" align="center" valign="middle">
<!--DWLayoutEmptyCell--> </td>
<td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&
nbsp;</td>
<td width="17"> </td>
</tr>
<tr>
<td height="17"></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>';
这个代码不是必需的,因为greg0rie指出
答案 0 :(得分:0)
代码注入代码的方式太多了。 您应该使用filter_var函数来最小化它。 用于验证电子邮件的使用(至少而不仅仅是):
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
echo("E-mail is not valid");
}else{
echo("E-mail is valid");
}
这段代码似乎很奇怪:
if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {
if (!($image->validate_code($_POST['validate'])){