PHP电子邮件发送问题与验证字段
[英]PHP email sending issue with validated fields
问题描述
I am facing an issue, I have successfully validated the input and required fields in my form. 
我遇到了一个问题,我已经成功验证了表单中的输入和必填字段。 But if the user Submits the form, no matter if the fields are empty; 但是如果用户提交表单,无论字段是否为空; it shows the error message with fields but also send the empty email. 它显示带有字段的错误消息,但也发送空电子邮件。
I believe there is just a simple tweak that needs to be done. 我相信只需要做一个简单的调整。 But I am lost. 但我迷路了。 Please look into the below code I have: 请查看下面的代码:
<?php
$nameErr = $snameErr = $emailErr = $ownerNameErr = $ownerNatErr = $genderErr = $websiteErr = "";
$name = $sname = $regAddress = $email = $gender = $comment = $ownerName = $ownerNat = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["name"]))
{$nameErr = "Name is required";}
else
{
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name))
{
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["sname"]))
{$snameErr = "Company Second Name is required";}
else
{
$sname = test_input($_POST["sname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$sname))
{
$snameErr = "Only letters and white space allowed";
}
}
extract($_POST);
$to="example@example.com";
$subject="Subject";
$body="<table width='100%' cellspacing='10' cellpadding='0'>
<tr>
<td style='color:blue;font-weight:bold;margin-left:500px;font-size:20px;' colspan='3'>My Form</td>
</tr>
<tr>
<td>Name</td>
<td>:</td>
<td>$name</td>
</tr>
<tr>
<td>Second Choice</td>
<td>:</td>
<td>$sname</td>
</tr>
</table>";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: MySite '."\r\n";
/*$headers .= 'Reply-To:'."$textfield5"."\r\n";*/
if(mail($to,$subject,$body,$headers))
{
$msg = "Thank you for contacting us. We will get back to you soon.";
/*$msg= "Successfully Sent";*/
}
else
{
$msg= "msg not sent";
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
HTML Part HTML部分
<span class="error">* <?php echo $ownerNatErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
input type="submit" name="submit" value="Submit Information">
Any help/Suggestion is highly appreciated. 任何帮助/建议都非常感谢。
Regards. 问候。
2 个解决方案
解决方案1
2 2013-11-02 09:31:28
Your validation is correct and I assume it does what you want, however: you do not prevent the mail() function from running if the validation fails. 您的验证是正确的,我认为它符合您的要求,但是:如果验证失败,您不会阻止mail()函数运行。
You could do this: 你可以这样做:
if ($valid) {
if (mail(...) {
...
} else {
...
}
}
This $valid variable sou should set to true by default and in the if statement, where you set the error messages, you should the variable to false . 这个$valid变量sou默认设置为true ,在if语句中设置错误消息,你应该将变量设置为false 。
This way the mail function would be called if the input is valid only. 这样,如果输入仅有效,则将调用mail函数。
Cheers. 干杯。
解决方案2
0 已采纳 2013-11-02 09:32:30
You check the parameters for errors and set some error messages but your code calls mail anyway, even if you found an error. 您检查参数是否有错误并设置一些错误消息,但您的代码仍会调用mail ,即使您发现错误也是如此。
You might want to add some conditions: 您可能想要添加一些条件:
if($snameErr === '' && $nameErr === '' ...) {
// call mail here, check whether it was successful and
// tell the user about it
} else {
// show error message or something else
}
By the way, I guess your code is vulnerable because you use extract($_POST) . 顺便说一句,我猜您的代码很容易受到攻击,因为您使用了extract($_POST) 。 An attacker might inject arbitrary variables and can therefore bypass your checks. 攻击者可能会注入任意变量,因此可以绕过您的检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.