堆栈内存溢出
  简体   繁体   English

PHP泄漏和未定义变量

[英]PHP Leaking & Undefined Variables

 原文  2017-02-26 19:01:03       php/ html/ css/ forms/ contact

问题描述

First time posting. 第一次发布。 I'm fairly new at this. 我对此很陌生。 I have experience with HTML/CSS, but not a lot with JS or PHP. 我有使用HTML / CSS的经验,但是没有使用JS或PHP的经验。 I'm trying to create a contact form for my website, where users will get alerts when fields are left incomplete, and then have their information be sent to my email if everything is correct. 我正在尝试为我的网站创建一个联系表单,当字段不完整时,用户将收到警报,然后如果一切正确,则将其信息发送到我的电子邮件中。

I used a tutorial to get most of the code, but I customized parts of it to fit my needs, and added a few repeatitive stuff. 我使用了教程来获取大部分代码,但是我根据自己的需要自定义了部分代码,并添加了一些可重复的内容。

Screenshot 截图

However, it's not working. 但是,它不起作用。 Or well I think it's called a PHP leak? 还是我认为这被称为PHP泄漏? I'm getting errors mentioning undefined variables. 我在提到未定义变量时出错。 Anyway, here's the PHP codes, followed by the HTML. 无论如何,这是PHP代码,然后是HTML。 

<?php
if (isset($_POST["submit"])) {
    $name = $_POST['name'];
    $email = $_POST['email'];
    $tel = $_POST['tel'];
    $company = $_POST['companyl'];
    $message = $_POST['message'];
    $from = 'name'; 
    $to = 'johndoe@domain.com'; 
    $subject = 'company';

    $body ="From: $name\n E-Mail: $email\n Message:\n $message";
    // Check if name has been entered
    if (!$_POST['name']) {
        $errName = 'Please enter your name';
    }

    // Check if email has been entered and is valid
    if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $errEmail = 'Please provide us with an email address.';
    }

    //Check if phone number  has been entered
    if (!$_POST['tel']) {
        $errTel = 'Please enter a number we can reach you at.';
    }

    //Check if Company name has been entered
    if (!$_POST['company']) {
        $errCompany = 'What is the name of your company?';
    }

    //Check if message has been entered
    if (!$_POST['message']) {
        $errMessage = 'Please tell us more about your company and your needs.';
    }

    //Check if simple anti-bot test is correct
    if ($human !== 4) {
        $errHuman = 'Incorrect answer! Try again.';
    }

// If there are no errors, send the email
if (!$errName && !$errEmail && !$errMessage && !$errTel && !$errCompany && !$errHuman) {
    if (mail ($to, $subject, $body, $from)) {
        $result='<div class="alert alert-success">We will get in touch with you shortly!</div>';
    } else {
        $result='<div class="alert alert-danger">Sorry there was an error sending your message. Please try again later.</div>';
    }
}
    }
?>

HTML: HTML: 

<form role="form" method="post" action="index.php">
    <div class="row">
        <div class="col-lg-6 form-group">
            <input type="text" class="formbox text-muted" id="name" name="name" placeholder="Name" required value="<?php echo htmlspecialchars($_POST['name']); ?>">
                <?php echo "<p class='text-danger'>$errName</p>";?>
        </div>
        <div class="col-lg-6 form-group">
            <input type="tel" class="formbox text-muted" id="tel" name="tel" placeholder="Phone number" required value="<?php echo htmlspecialchars($_POST['tel']); ?>">
                <?php echo "<p class='text-danger'>$errTel</p>";?>
        </div>
    </div>
    <div class="row">
        <div class="col-lg-6 form-group">
            <input type="email" class="formbox text-muted" id="email" name="email" placeholder="Email address" required value="<?php echo htmlspecialchars($_POST['email']); ?>">
            <?php echo "<p class='text-danger'>$errEmail</p>";?>

        </div>
        <div class="col-lg-6 form-group">
            <input type="text" class="formbox text-muted" id="company" name="company" placeholder="Name of your company" required value="<?php echo htmlspecialchars($_POST['company']); ?>">
            <?php echo "<p class='text-danger'>$errCompany</p>";?>
        </div>
    </div>

    <div class="row">
        <div class="col-lg-12 form-group">
                <textarea name="message" class="messagebox text-muted" id="message" name="message" placeholder="Tell us about the company you're trying to pitch" required></textarea>
        </div>
    </div>
    <div class="row">
        <div class="col-lg-6 pull-left">
            <input type="text" class="formbox text-muted" id="human" placeholder="What is is 2+2?" required value="<?php echo htmlspecialchars($_POST['human']); ?>">
            <?php echo "<p class='text-danger'>$errHuman</p>";?>
        </div>
        <div class="col-lg-4 pull-right">
            <button id=" submit" type="submit" class="inputsubmit btn btn-block btn-default btn-xl sr-button" value="send">Send Message!</button>
        </div>
        <div class="col-lg-6 pull-right">
            <?php echo $result; ?>
        </div>
    </div>
</form>

2 个解决方案

解决方案1
 0  2017-02-26 19:05:42

An easy fix: You can set all your $_POST['x'] variables to an empty string if they aren't set (don't exist), which will eliminate the undefined variable errors. 一个简单的解决方法:如果未设置(不存在)所有$_POST['x']变量,都可以将它们设置为空字符串,这将消除未定义的变量错误。 

foreach( array( 'name', 'tel', 'email', 'company', 'human' ) as $key ){
    if ( !isset( $_POST[ $key ] ) ) $_POST[ $key ] = '';
}

This should be done at the top of your PHP script. 这应该在您的PHP脚本的顶部完成。

What's happening is you're trying to use the previously entered value ( $_POST['name'] ) in your HTML ( value="<?php ... ?>" ). 发生了什么事,您正在尝试在HTML( value="<?php ... ?>" )中使用先前输入的值( $_POST['name'] )。 If the user is visiting the form for the first time, they haven't provided any name, haven't posted any form data, so $_POST['name'] does not exist. 如果用户是第一次访问该表单,则他们没有提供任何名称,也没有发布任何表单数据,因此$_POST['name']不存在。

A better fix: don't output the value if it doesn't exist. 更好的解决办法:如果不存在该值,则不输出。 Change: 更改: 

<input type="text" class="formbox text-muted" id="name" name="name" placeholder="Name" required value="<?php echo htmlspecialchars($_POST['name']); ?>">

to: 至: 

<input type="text" class="formbox text-muted" id="name" name="name" placeholder="Name" required value="<?php if( isset( $_POST['name'] ) ) { echo htmlspecialchars($_POST['name']); } ?>">

Also, it appears you have a typo early on where you use companyl instead of company : 另外,您似乎在使用companyl而不是company地方输入字词很早: 

$company = $_POST['companyl'];

UPDATE You replied in your comments you're still getting undefined variables regarding error messages. 更新您在评论中回答,您仍在获取有关错误消息的未定义变量。 You should so some similar checks here, to make sure there's an err message to echo : 您应该在这里进行一些类似的检查,以确保有一条错误消息要echo 

<?php echo "<p class='text-danger'>$errTel</p>";?>

becomes: 变为: 

<?php if( isset( $errTel ) ) { echo "<p class='text-danger'>$errTel</p>"; } ?>

(and so on, for all occurrences) (依此类推,适用于所有情况)

解决方案2
 0  2017-02-26 19:26:20

You should use a small inline php condition on your input value field- 您应该在输入值字段上使用小的内联php条件- 

<?php echo ($_POST['anything']) ? $_POST['anything'] : ''?>

The explanation is when you trying to load your page normally the $_POST is missing from the page. 原因是当您尝试正常加载页面时,页面中缺少$_POST So just check inline if the variable exists or not. 因此,只需检查内联变量是否存在。 If exists then use the variable otherwise leave empty value. 如果存在,则使用变量,否则留空值。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 需要一个任意的 PHP 文件而不会将变量泄漏到作用域中 - Require an arbitrary PHP file without leaking variables into scope Php未定义变量错误 - Php undefined variables error PHP未定义的变量 - PHP Undefined variables PhP未定义变量 - PhP Undefined Variables PHP 和未定义变量策略 - PHP and undefined variables strategy PDO / PHP未定义的变量 - PDO/PHP Undefined variables PHP模板中的未定义变量 - Undefined variables in PHP template php中未定义的索引和变量 - Undefined indices and variables in php PHP环境变量未定义 - PHP Environment Variables Undefined PHP未定义的索引/变量 - PHP Undefined index / variables
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM