【发布时间】:2012-09-14 06:04:43
【问题描述】:
目前,我们收到了大量垃圾邮件。我刚刚添加了以下行:
if ($field_budget == "" || $field_timeline == "" || $field_email == "" || $field_name == "") {
echo "Please fill out all required form details, thank you!";
} else {
这帮助了几个星期,但现在垃圾邮件发送者又回来了。什么是改进我的表单的简单、优雅的方法(下面的完整代码)?
<?php
$field_name = $_POST['cf_name'];
$field_email = $_POST['cf_email'];
$field_website = $_POST['cf_website'];
$field_company = $_POST['cf_company'];
$field_budget = $_POST['cf_budget'];
$field_custombudget = $_POST['cf_custombudget'];
$field_timeline = $_POST['cf_timeline'];
$field_message = $_POST['cf_message'];
$mail_to = 'sean@seanduran.com';
$subject = 'Message from a site visitor, '.$field_name;
$body_message = 'Name: '.$field_name."\n";
$body_message .= 'e-mail: '.$field_email."\n";
$body_message .= 'Website: '.$field_website."\n";
$body_message .= 'Company: '.$field_company."\n";
$body_message .= 'Budget: '.$field_budget."\n";
$body_message .= 'Custom Budget: '.$field_custombudget."\n";
$body_message .= 'Timeline: '.$field_timeline."\n";
$body_message .= 'Message: '.$field_message;
$headers = 'From: '.$field_email."\r\n";
$headers .= 'Reply-To: '.$field_email."\r\n";
if ($field_budget == "" || $field_timeline == "" || $field_email == "" || $field_name == "") {
echo "Please fill out all required form details, thank you!";
} else {
$mail_status = mail($mail_to, $subject, $body_message, $headers);
if ($mail_status) { ?>
<script language="javascript" type="text/javascript">
alert('Thank you for the message. We will contact you shortly.');
window.location = 'http://seanduran.com';
</script>
<?php
}
else { ?>
<script language="javascript" type="text/javascript">
alert('Message failed. Please, send an email to sean@seanduran.com');
window.location = 'http://seanduran.com';
</script>
<?php
}
}
?>
【问题讨论】:
-
在表单中使用验证码怎么样? ?
-
重要的是,为了帮助阻止垃圾邮件发送者,请清理您的数据。您允许任何内容进入您的标题(并且您现在已经公开放置链接,因此您的首要任务是清理它。删除所有换行符注入标题。
-
如何限制允许用户在标题中放置的内容?
-
“删除所有换行符注入标题”。还要检查无效(不可打印)字符、电子邮件地址的有效性(使用 PHP 验证函数)并检查长度 - 如果超过 100 个字符则拒绝。只需阻止任何人将 naster 标头注入您的标头即可。