PHP Contact From 在查看页面时发送空白电子邮件

【问题标题】:PHP Contact From is sending blank emails when the page is viewedPHP Contact From 在查看页面时发送空白电子邮件
【发布时间】:2014-09-13 11:37:07
【问题描述】:

谁能帮我阻止每次查看页面时发送空白电子邮件?

这是我正在使用的代码。

<?php
// define variables and set to empty values
$nameErr = $emailErr = $genderErr  = "";
$name = $email = $gender = $comment =  "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["name"])) {
     $nameErr = "Name is required";
   } else {
     $name = test_input($_POST["name"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
       $nameErr = "Only letters and white space allowed"; 
     }
   }

   if (empty($_POST["email"])) {
     $emailErr = "Email is required";
   } else {
     $email = test_input($_POST["email"]);
     // check if e-mail address syntax is valid
     if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
       $emailErr = "Invalid email format";
     }
   }

   if (empty($_POST["comment"])) {
     $commentErr = "Comment is required";
   } else {
     $comment = test_input($_POST["comment"]);
     if (!preg_match("/^[a-zA-Z ]*$/",$comment)) {
       $commentErr = "Please leave a comment.";      
     }
   }
}

function test_input($data) {
   $data = trim($data);
   $data = stripslashes($data);
   $data = htmlspecialchars($data);
   return $data;
}


//create the body of the email
$body = "Name: {$_POST['name']}
\n\nEmail: {$_POST['email']}
\n\nComments: {$_POST['comment']}";
$body = wordwrap($body, 70);

// The mail function
mail('email@email.com', 'Contact Us Submission', $body, "From: {$_POST['email']}");


?>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
   Name: <input type="text" name="name" class="text" value="<?php echo $name;?>">
   <span class="error">* <?php echo $nameErr;?></span>
   <br>
   Email: <input type="text" name="email" class="text" value="<?php echo $email;?>">
   <span class="error">* <?php echo $emailErr;?></span>
   <br>
   Comment: <textarea name="comment" rows="3" cols="20"><?php echo $comment;?></textarea>
   <span class="error">* <?php echo $commentErr;?></span><br>   
   <input type="submit" name="submit" value="Submit" class="submit"> 
<?php
//if everything is ok, print the message:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($name && $email && $comment) {
    echo "<p>Thank you, <b>$name</b>, for contacting us.</p>
    <p> We will email you back at <i>$email</i> in a couple days.</p>\n";
} else { //missing form value.
    echo '<p class="error">Please go back and fill out the form again.</p>';
    return false;
}
}

?>
</form>

【问题讨论】:

  • 您的所有 $_POST 值都正确传递了吗?
  • 您可以使用if(isset($_POST['submit'])) 而不是(第一个)if(isset($_POST['submit'])),这只会在按下提交按钮时执行您的代码。另外,检查空值等或使用 2 个单独的页面以及我的建议以及标题。
  • 据我所知,您的mail(); 函数没有放在任何大括号中,所以当有人浏览页面时总是会运行。 @JohnConde 的回答将给出最佳解决方案。
  • 所有 $-POST 值都被正确传递。我将尝试 if(isset$-POST['submit'])) 而不是我所拥有的。我没有考虑添加 mail();大括号内的函数。我也会尝试的。谢谢大家!

标签: php forms contact


【解决方案1】:

将所有表单逻辑放在if ($_SERVER["REQUEST_METHOD"] == "POST") { 语句中。不仅仅是验证:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if (empty($_POST["name"])) {
     $nameErr = "Name is required";
   } else {
     $name = test_input($_POST["name"]);
     // check if name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
       $nameErr = "Only letters and white space allowed"; 
     }
   }

   if (empty($_POST["email"])) {
     $emailErr = "Email is required";
   } else {
     $email = test_input($_POST["email"]);
     // check if e-mail address syntax is valid
     if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
       $emailErr = "Invalid email format";
     }
   }

   if (empty($_POST["comment"])) {
     $commentErr = "Comment is required";
   } else {
     $comment = test_input($_POST["comment"]);
     if (!preg_match("/^[a-zA-Z ]*$/",$comment)) {
       $commentErr = "Please leave a comment.";      
     }
   }


    //create the body of the email
    $body = "Name: {$_POST['name']}
    \n\nEmail: {$_POST['email']}
    \n\nComments: {$_POST['comment']}";
    $body = wordwrap($body, 70);

    // The mail function
    mail('email@email.com', 'Contact Us Submission', $body, "From: {$_POST['email']}");
}

仅供参考,您对header injections 持开放态度。这是您在将此代码发布到生产环境之前应该解决的问题。

【讨论】:

  • 那行得通 ;-) 你觉得my suggestion 怎么样?只是大声思考;-)
  • 另一个可行的选择。使用 PHP TMTOWTDI。 =)
  • TMTOWTDI - 是的。我们说的是“猫”还是“兔子”? (如何剥皮)咧嘴一笑 - 现在这只是邪恶的哈哈
  • 谢谢你,我会试试这个建议!
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2014-04-29
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode