[英]Contact form is sending blank emails
I'm assuming it's just bots, but how can I stop this from happening? 我假设它只是机器人,但如何阻止这种情况发生呢? I at least have some validation at work here - both HTML5 "required" in the inputs and php. 我至少在这里有一些验证工作-输入和php中都需要HTML5。 Forgetting the client side validation, if I try to send it without filling in info it will return an error (with php). 忘记客户端验证,如果我尝试发送但未填写信息的验证,它将返回错误(使用php)。
How can bots send it through then if I can't? 如果我不能,机器人如何发送它呢? What do I need to add to this? 我需要添加什么呢?
<?php
$allowedFields = array(
'firstname',
'lastname',
'email',
'phone',
'address',
'prefer-email',
'prefer-snail ',
);
$requiredFields = array(
'firstname',
'lastname',
'email',
'phone',
'address',
'prefer-email',
'prefer-snail ',
);
$requiredEmail = array(
'email',
);
$errors = array();
foreach($_POST AS $key => $value) {
// first need to make sure this is an allowed field
if(in_array($key, $allowedFields)) {
$$key = $value;
// is this a required field?
if(in_array($key, $requiredFields) && $value == '') {
$errors[] = "The field $key is required.";
}
// is this a required field?
if(in_array($key, $requiredEmail) && !filter_var($value, FILTER_VALIDATE_EMAIL)) {
$errors[] = "A valid email is required.";
}
}
}
// were there any errors?
if(count($errors) > 0) {
$errorString = '<div class="error2"><h1>There was an error with the form.</h1><br />';
$errorString .= '<ul>';
foreach($errors as $error) {
$errorString .= "<li>$error</li>";
}
$errorString .= '</ul></div>';
// display the previous form
include 'index.php';
} else {
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$preferemail = $_POST['prefer-email'];
$prefersnail = $_POST['prefer-snail'];
$formcontent = "$firstname $lastname \r\n$email \r\n$phone \r\n$address \r\nPrefer Samples By: $preferemail $prefersnail \r\n";
//$recipient = "Tester <test@test.com>";
$recipient = "Tester <test@test.com>";
$subject = "Test.com Form Submission";
//$mailheader = "Landing Page <test@test.com>";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
header("Location: http://www.test.com/thanks.html");
}
You are only checking for errors in $_POST variables. 您仅在$ _POST变量中检查错误。 Bots may be using GET to submit the form, therefore side-stepping the validation you've set up that is dependent on the presence of $_POST variables. Bot可能正在使用GET提交表单,因此避开了您设置的取决于$ _POST变量是否存在的验证。
I'd recommend validating on all request variables: $_REQUEST. 我建议验证所有请求变量:$ _REQUEST。 Alternatively, you can check if any post variables exist, and if not, return the error - thereby forcing a POST. 或者,您可以检查是否存在任何post变量,如果不存在,则返回错误-从而强制执行POST。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.