[英]php contact us form issue
I created a contact us form which should be simple and most importantly secure, so user can't enter code to be executed on the server side: 我创建了一个与我们联系的表单,该表单应该简单且最重要的是确保安全,因此用户无法输入要在服务器端执行的代码:
<?php
$userips = ($_SERVER['X_FORWARDED_FOR']) ? $_SERVER['X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
$ips = $userips;
// Clean up the input values
foreach($_POST as $key => $value) {
if(ini_get('magic_quotes_gpc'))
$_POST[$key] = stripslashes($_POST[$key]);
$_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}
// Assign the input values to variables for easy reference
$name = $_POST["name"];
$email = $_POST["email"];
$reason = $_POST["reason"];
$message = $_POST["message"];
mail($to, $subject, $message, $headers);
// Send the email
$to = "test@testsite.com";
$subject = "From: $name . " Reason: " . $reason";
$message = "$message" . "\n\n\n==- Sent from the website with IP Address: " . $ips . " -==";;
$headers = "From: $email";
$send_contact=mail($to,$subject,$message,$header);
header("Location: http://www.testsite.com");
// Check, if message sent to your email
// display message "We've recived your information"
// if($send_contact){
// echo "We've recived your contact information";
// }
// else {
// echo "ERROR";
// }
?>
Will the above code do the job? 上面的代码能胜任吗? Or am I missing codes to ensure the security is set in place?
还是我缺少确保安全性设置到位的代码?
EDIT I have the following Jquery script which checks for email validity: 编辑我有以下Jquery脚本,用于检查电子邮件的有效性:
'email' : function() {
$('body').append('<div id="emailInfo" class="info"></div>');
var emailInfo = $('#emailInfo');
var ele = $('#email');
var pos = ele.offset();
emailInfo.css({
top: pos.top-3,
left: pos.left+ele.width()+15
});
var patt = /^.+@.+[.].{2,}$/i;
if(!patt.test(ele.val())) {
jVal.errors = true;
emailInfo.html('<img src=theImages/xMark.png title="Please enter a valid email address" alt="Please enter a valid email address" />').show();
ele.removeClass('normal').addClass('wrong');
} else {
emailInfo.html('<img src=theImages/checkMark.gif />').show();
ele.removeClass('wrong').addClass('normal');
}
},
With the above code, can i leave the ELSE statement blank in the php code? 使用上面的代码,我可以在php代码中将ELSE语句留空吗?
What you do need to look out for are email injections . 您需要注意的是电子邮件注入 。 You can put up a defense against them by using:
您可以使用以下方法来防御它们:
filter_var($email, FILTER_SANITIZE_EMAIL)
Your script had a number of mistakes, including parse errors: 您的脚本有很多错误,包括解析错误:
<?php
$userips = ($_SERVER['X_FORWARDED_FOR']) ? $_SERVER['X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
$ips = $userips;
// Clean up the input values
foreach($_POST as $key => $value) {
if(ini_get('magic_quotes_gpc'))
$_POST[$key] = stripslashes($_POST[$key]);
$_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}
// Assign the input values to variables for easy reference
$name = $_POST["name"];
$email = $_POST["email"];
$reason = $_POST["reason"];
$message = $_POST["message"];
if(filter_var($email, FILTER_SANITIZE_EMAIL)){
// Send the email
$to = "test@testsite.com";
$subject = "From: $name Reason: $reason";
$message = "$message" . "\n\n\n==- Sent from the website with IP Address: " . $ips . " -==";;
$headers = "From: $email";
$send_contact=mail($to,$subject,$message,$headers);
header("Location: http://www.testsite.com");
}
else{
echo 'Bold!';
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.