【问题标题】:Contact form wont submit and keeps going to error page联系表格不会提交并继续进入错误页面
【发布时间】:2014-08-12 20:19:05
【问题描述】:

当我填写联系表单中的所有字段时,它会继续进入错误页面。我不知道为什么会这样。我希望联系表格将所有信息发送到我的个人电子邮件中。我查看了几乎所有的解决方案,但似乎无法解决问题。

我的表单代码是:

<div id="form">
    <form action="sendmail.php" method="post">
    <p>
        <label for="name">Name:</label>
        <input name="name" id="name" type="text" class="required">
        <span>Please enter your name</span>
    </p>
    <p>
        <label for="email">Email:</label>
        <input name="email" id="email" type="text" class="required"> 
        <span>Please enter a valid email address</span>
    </p>

    <p>
        <label for="subject">Subject:</label>
        <input name="subject" id="subject" type="text"> 
        <span>Please enter your subject</span>
    </p>
    <p>
        <label for="message">Message</label>
        <textarea name="message" id="message" class="required"></textarea> 
        <span>Please enter your message</span>
    </p>
    <p class="submit">
        <input type="submit" value="Submit" class="btn-submit">
    </p>
    </form>
</div>

我的 PHP 代码是:

<?php

// This function checks for email injection. Specifically, it checks for carriage returns 
$injections = array('(\n+)',
    '(\r+)',
    '(\t+)',
    '(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
);

$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
    return true;
}
else {
    return false;
}


// Load form field data into variables.
$name = $_REQUEST['name'] ;
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;


// If the user tries to access this script directly, redirect them to feedback form,
if (!isset($_REQUEST['email'])) {
    header( "Location: contact.html" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($comments)) {
    header( "Location: error.html" );
}

// If email injection is detected, redirect to the error page.
//elseif ( isInjected($email) ) {
    // header( "Location: error.html" );
}

// If we passed all previous tests, send the email!
else {
    mail( "f.ajibade@f-sharpmedia.com", "Feedback Form Results",
    $comments, "From: $email" );
    header( "Location: thankyou.html" );
}
?>

【问题讨论】:

  • 这是做什么的:else { return false; } }
  • 为什么要进行手动注入检查?有更好的库(例如,可以检测到更多的注入机会而改进)?

标签: php html forms contact


【解决方案1】:

因为您没有将电子邮件检查逻辑放入函数中,所以即使返回语句为真,return 语句也会阻止代码执行。正确的方法是:

if(preg_match($inject,$str)) {
  //process
}
else {
  exit();
}

编辑

以下是如何将该逻辑放入函数中

/**
 *This function checks for email injection. 
 *Specifically, it checks for carriage returns 
 *@return Boolean upon failure or success
 */
 function has_injection($email){
    $injections = array('(\n+)',
                        '(\r+)',
                        '(\t+)',
                        '(%0A+)',
                        '(%0D+)',
                        '(%08+)',
                        '(%09+)'
                 );

    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$email)) {
        return true;
    }
    else {
        return false;
    }
 }

然后使用它:

<?php

if(!has_injection($_REQUEST['email']){
    //process code
}else{
    die('terminating script because of email injection!');
}

【讨论】:

    【解决方案2】:

    代码比较乱

    $str 在哪里设置?

    您检查它是否有注入:if(preg_match($inject,$str)),但 $str 是什么?

    然后你检查empty($email_address) || empty($comments) 但这些不是您设置的变量(您设置了$email = $_REQUEST['email'], $message = $_REQUEST['message'] 等)

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2014-11-01
      • 2016-05-11
      • 2017-05-17
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多