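【Question title】: Hidden Form Field - What am I doing wrong?
【Posted】: 2012-01-21 14:20:39
【Question】:

I am trying to use the Hidden Field trick to prevent spam through one of my forms, but for some reason it is not working. When I fill in the field that should be left empty, the form submits as normal.

Is there something wrong with my PHP? (I think that is where my problem lies.) Here is the code that validates the hidden field (see the top of my form):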

 if(!empty($_POST['email'])){ die('Stop Spamming'); }

Here is the complete PHP form:

<?
session_start();
include("verification_image.class.php");
$image = new verification_image();
if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {
    header('Location: http://www.domain.com/fail.htm'); 
    exit;
}

if(!empty($_POST['email'])){ die('Stop Spamming'); }

$to = "email@domain.co.za"; 
$bcc = "email@domain.co.za";
$from = $_POST['contactemail'];  
$subject = "INTERESTED ADVERTISER"; 

$sbody = '<table width="420" height="135" border="0" align="center" 
cellpadding="0" cellspacing="0">
            <!--DWLayoutTable-->
            <tr>
              <td height="90" colspan="5"><div align="center">Reservation &amp; 
 Enquiries Submission Form </div></td>
            </tr>
            <tr>
              <td height="25" colspan="3" align="center" valign="middle"><span 
 class="style7">Full Name</span></td>
              <td width="180" valign="top">'.$_POST['contactname'].'</td>
              <td width="42">&nbsp;</td>
            </tr>
            <tr>
              <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Contact number</span></td>
              <td valign="top">'.$_POST['contactnumber'].'</td>
              <td>&nbsp;</td>
            </tr>
            <tr>
              <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Email</span></td>
              <td valign="top">'.$_POST['contactemail'].'</td>
              <td>&nbsp;</td>
            </tr>
            <tr>
              <td height="35" colspan="3" align="center" valign="bottom"><span 
class="style7">Query</span></td>
              <td colspan="2" rowspan="2" 
valign="middle">'.$_POST['contactquery'].'</td>
            </tr>
            <tr>
              <td width="84" height="108" align="center" valign="middle">
 <!--DWLayoutEmptyCell-->&nbsp;</td>
              <td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&nbsp;</td>
              <td width="17">&nbsp;</td>
            </tr>
            <tr>
              <td height="17"></td>
              <td></td>
              <td></td>
              <td></td>
              <td></td>
            </tr>
          </table>';
$sBodyNew = '<style type="text/css">
<!--
.style {
font-family: Arial;
font-size: 12px;
color: #4D241E;
}
body {
background-image: url();
background-color: #F1EAE4;
}
.style1 {font-size: 14px}
-->
</style>
<p>&nbsp;</p>
<table width="420" border="0" align="center" cellpadding="0" cellspacing="5">
<tr>
<td><table width="100%"  border="0" cellpadding="8" cellspacing="0" bgcolor="#E7D3AF" 
class="style">
  <tr>
    <td colspan="2" valign="top"><div align="center"><strong><span 
class="style1">Website Deal</span><br>

 &nbsp;.................................................................</strong><br>
 &nbsp;</div></td>
    </tr>
  <tr>
    <td width="32%" valign="top"><div align="left"><strong>Date Submitted</strong>
 </div></td>
    <td width="68%" valign="top">'. date("F j, Y, g:i a") .'</td>
  </tr>
  <tr>
    <td valign="top"><div align="left"><strong>Name</strong></div></td>
    <td valign="top">'.$_POST['contactname'].'</td>
  </tr>
  <tr>
    <td valign="top"><div align="left"><strong>Contact Number</strong></div></td>
    <td valign="top">'.$_POST['contactnumber'].'</td>
  </tr>
  <tr>
    <td valign="top"><div align="left"><strong>Email</strong></div></td>
    <td valign="top">'.$_POST['contactemail'].'</td>
  </tr>
  <tr>
    <td valign="top"><div align="left"><strong>Query</strong></div></td>
    <td valign="top">'.$_POST['contactquery'].'</td>
  </tr>
 </table></td>
 </tr>
</table>
';            
$headers  = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n"; 
$success = mail($to, $subject, $sBodyNew, $headers);              
header('Location: http://www.domain.com/success.htm');  
?>

Here is what I added to the HTML form:

<label>
<input type="text" class="email" name="email" id="email" />
</label>

The HTML form is as follows:

<form action="process_advertise.php" method="post" name="order" 
onSubmit="MM_validateForm('contactname','','R','contactnumber','','R','contactemail',
'','RisEmail','validate','','R','contactquery','','R');return document.MM_returnValue">
          <input name="success" type="hidden" 
 value=http://www.domain.com/success.htm>
          <table width="465" border="0" cellspacing="0" cellpadding="0">
            <!--DWLayoutTable-->
            <tr>
              <td width="465" height="387" valign="top"><span class="style66">NAME: 
                <input name="contactname" type="text" id="contactname" />
              </span><br />
              <span class="style66">CONTACT NUMBER:</span>
              <input name="contactnumber" type="text" id="contactnumber" />
              <br />
              <span class="style66">EMAIL:
              <input name="contactemail" type="text" id="contactemail" />
                                                                                           </span><br />
                <span class="style66">QUERY:</span>
                                <textarea name="contactquery" cols="40" rows="8"  
id="contactquery"></textarea>
                                <br />
                <br />
                <input type="text" class="email" name="email" id="email" />
                <br />
                <br />
                <img src="picture.php" /><br />
                <span class="style57 style16"><em>Please enter character<br />
as listed above</em></span><br />
<input name="validate" type="text" id="validate" />
<br />
<input type="reset" name="button2" id="button2" value="Reset" />
<input type="submit" name="button" id="button" value="Submit" /></td>
            </tr>
            </table>
</form>

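Does anyone know what I am doing wrong?

=========================================================================
Problem solved:

OK guys... I have tested the form again and it works now! I am not sure why it did not work earlier, but for those who want to know... all my coding was correct, except that I removed this code from my process PHP form: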

$sbody = '<table width="420" height="135" border="0" align="center" 
 cellpadding="0" cellspacing="0">
            <!--DWLayoutTable-->
            <tr>
              <td height="90" colspan="5"><div align="center">Reservation &amp; 
 Enquiries Submission Form </div></td>
            </tr>
            <tr>
              <td height="25" colspan="3" align="center" valign="middle"><span 
 class="style7">Full Name</span></td>
              <td width="180" valign="top">'.$_POST['contactname'].'</td>
              <td width="42">&nbsp;</td>
            </tr>
            <tr>
              <td height="25" colspan="3" align="center" valign="middle"><span 
 class="style7">Contact number</span></td>
              <td valign="top">'.$_POST['contactnumber'].'</td>
              <td>&nbsp;</td>
            </tr>
            <tr>
              <td height="25" colspan="3" align="center" valign="middle"><span 
 class="style7">Email</span></td>
              <td valign="top">'.$_POST['contactemail'].'</td>
              <td>&nbsp;</td>
            </tr>
            <tr>
              <td height="35" colspan="3" align="center" valign="bottom"><span 
 class="style7">Query</span></td>
              <td colspan="2" rowspan="2" 
 valign="middle">'.$_POST['contactquery'].'</td>
            </tr>
            <tr>
              <td width="84" height="108" align="center" valign="middle">
 <!--DWLayoutEmptyCell-->&nbsp;</td>
              <td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&nbsp;</td>
              <td width="17">&nbsp;</td>
            </tr>
            <tr>
              <td height="17"></td>
              <td></td>
              <td></td>
              <td></td>
              <td></td>
            </tr>
          </table>';

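greg0rie pointed out that this code is not needed.

【Comments】:

  • I do not see any <form> in this code
  • This is the back-end PHP form - see the edit above
  • You are echoing HTML tags. That is very wrong, and you are losing syntax coloring. You can use output_buffering for this.
  • Please paste the HTML code of the whole form
  • @yes123 How did you come to that conclusion?

Tags: php css forms validation spam


【Answer 1】:

Your code is open to code injection in several ways. You should use the filter_var function to minimize that. For validating an e-mail, use (at least, but not only):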

if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
    echo("E-mail is not valid");
}else{
    echo("E-mail is valid");
}

This line of your code seems strange:

if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {

Wouldn't this be more convenient?

if (!($image->validate_code($_POST['validate']))) {

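【Comments】:

  • I am not a developer, so I do not know whether if (!($image->validate_code($_POST['validate'])){ would be better, but I will test it out. The "email" field is the hidden field that spammers will fill in and that humans cannot see.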
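
The checks discussed in this answer and its comment, combined in one handler as an added example (not code from the thread): the honeypot `email` field must be blank, `contactemail` is validated with filter_var before it reaches the From: header, and the values placed in the HTML body are escaped. Field names come from the form on this page; check_submission() and the sample submissions are hypothetical.

```php
<?php
// Added example, not the asker's or answerer's code. Field names are taken from
// the form on this page; check_submission() and the samples are hypothetical.

function check_submission(array $post): array
{
    // 1. Honeypot: "email" is hidden from humans, so any non-blank value
    //    (or a non-string such as email[]=x) is treated as a bot.
    $honeypot = $post['email'] ?? '';
    if (!is_string($honeypot) || trim($honeypot) !== '') {
        return ['ok' => false, 'reason' => 'honeypot filled'];
    }

    // 2. The visitor's address is placed in the From: header, so it must be
    //    one valid address with no CR/LF that could start another header line.
    $from = $post['contactemail'] ?? '';
    if (!is_string($from) || preg_match('/[\r\n]/', $from)
        || !filter_var($from, FILTER_VALIDATE_EMAIL)) {
        return ['ok' => false, 'reason' => 'invalid contactemail'];
    }

    // 3. Everything interpolated into the HTML mail body is escaped first.
    $safe = [];
    foreach (['contactname', 'contactnumber', 'contactquery'] as $key) {
        $value = $post[$key] ?? '';
        $safe[$key] = htmlspecialchars(is_string($value) ? $value : '', ENT_QUOTES, 'UTF-8');
    }

    return ['ok' => true, 'from' => $from, 'fields' => $safe];
}

// Constructed sample submissions.
$samples = [
    'human'     => ['email' => '', 'contactemail' => 'alice@example.com',
                    'contactname' => 'Alice <b>', 'contactnumber' => '012 345 6789',
                    'contactquery' => 'Rates?'],
    'bot'       => ['email' => 'spam@example.com', 'contactemail' => 'x@example.com'],
    'bad-from'  => ['email' => '', 'contactemail' => "a@example.com\r\nX-Extra: 1"],
];

foreach ($samples as $label => $post) {
    $result = check_submission($post);
    echo $label, ': ', $result['ok'] ? 'accepted' : 'rejected (' . $result['reason'] . ')', "\n";
}
```

Only when `ok` is true would the handler go on to build the message and call mail() with `from` and the escaped `fields`.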