收集电子邮件和网站地址的PHP表单
[英]PHP form that collects email and website address
问题描述
I have built the following form that collects both email addresses and website urls from people. 
我建立了以下表单,该表单收集了人们的电子邮件地址和网站URL。 In the database the email and website url are set to be unique so a person cannot enter the same email and website twice. 在数据库中,电子邮件和网站url被设置为唯一,因此一个人不能两次输入相同的电子邮件和网站。
However being new to PHP I want to double check that the form does not contain any serious problems that could allow a person to do something malicious with the form and/or has validation issues that could be exploited. 但是,我是PHP的新手,我想再次检查该表单是否包含任何严重的问题,这些问题可能使一个人对表单进行恶意处理和/或存在可被利用的验证问题。 Also because I want to hide the form on postback BUT show it again for errors, I have ended up duplicating the form which isn't ideal but not a big deal in this circumstance as it's just a quick form. 另外,由于我想在回发中隐藏表单,但由于错误而再次显示该表单,因此我最终复制了不理想的表单,但在这种情况下并不重要,因为它只是一种快速表单。 The main factor is making sure the validation is pretty strong and no holes exist in terms of server/sql attacks in the form. 主要因素是确保验证非常强大,并且在形式上的服务器/ SQL攻击方面不存在漏洞。
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
// DATABASE CONNECTION HERE
$email = mysql_real_escape_string($_POST['EMAIL']);
$website = mysql_real_escape_string($_POST['WEBSITE']);
if ( $email == '' || $website == '' || !filter_var($website, FILTER_VALIDATE_URL) || !filter_var($email, FILTER_VALIDATE_EMAIL) )
{
echo '<p style="color:red;">You must fill out all fields correctly and duplicate emails/websites are not permitted!</p>';
?>
<form action="./" method="post">
<label for="EMAIL">Email Address</label>
<input type="email" value="" name="EMAIL" id="EMAIL" required>
<label for="WEBSITE">Website URL</label>
<input type="url" value="" name="WEBSITE" id="WEBSITE" required>
<input type="submit" value="Join" name="join">
</form>
<?php
}
else
{
$query = "INSERT INTO list VALUES (NULL, '$email','$website')";
$result = mysql_query($query);
echo '<p>THANKS!</p>';
}
}
else
{
?>
<form action="./" method="post">
<label for="EMAIL">Email Address</label>
<input type="email" value="" name="EMAIL" id="EMAIL" required>
<label for="WEBSITE">Website URL</label>
<input type="url" value="" name="WEBSITE" id="WEBSITE" required>
<input type="submit" value="Subscribe" name="subscribe">
</form>
<?php } ?>
2 个解决方案
解决方案1
0 2012-08-19 15:52:31
You could validate the values using these validation filters . 您可以使用这些验证过滤器来验证值。 You can find some instructions for this here . 你可以找到一些说明这里本 。
To prevent cross site scripting and similar attack vectors you should not insert the email or url into the database unless it has been validated. 为防止跨站点脚本编写和类似的攻击媒介,除非经过验证,否则不应将电子邮件或url插入数据库。
解决方案2
0 2012-08-19 16:04:51
I think it should work great as long as you are using the important functions such as real escape and validate url nd email. 我认为,只要您使用诸如真正的转义和验证URL和电子邮件之类的重要功能,它就应该很好用。 keep it up 保持
Thnx n
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.