无法使用验证码验证表单

Question

我在这里遇到问题，我的表单无法使用验证码进行验证，这意味着如果验证码为空，则仍然可以将表单发送到我的数据库，

这是我的PHP连接代码，用于将消息发送到我的数据库

<?php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "test";
//Define the database

session_start();
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
//Pick data from table in HTML

$conn = new mysqli($servername, $dbusername, $dbpassword, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
if (empty($name)){
    echo '<script>alert("Name cannot be blank. Please insert your name.");
        window.history.go(-1);
        </script>';
    die();
}
if (empty($email)){
    echo '<script>alert("Your message has been sent. Thank you for your cooperation.");
        window.history.go(-1);
        </script>';
    die();
}
if (empty($message)){
    echo '<script>alert("Please tell us what is in your mind. Thank you.");
        window.history.go(-1);
        </script>';
    die();
}
if(empty($_SESSION['code'] ) ||
     strcasecmp($_SESSION['code'], $_POST['code']) != 0)
{
    //Note: the captcha code is compared case insensitively.
    //if you want case sensitive match, update the check above to
    // strcmp()
    $errors .= "\n The captcha code does not match!";
}
//Error message of the form

$sql = "INSERT INTO testingdb (Name, Email, Message)
VALUES ('$name', '$email', '$message')";

if($conn->query($sql) === TRUE)  {
    echo '<script>
            alert("Your message has been sent. Thank you for your cooperation.");
        </script>';
    header("Location: {$_SERVER['HTTP_REFERER']}");
        function goback(){
            echo '<script>alert("Your message has been sent. Thank you!");</script>';
            header("Location: {$_SERVER['HTTP_REFERER']}");
            exit;
        }
        goback();
} else {
    echo "Error " . $sql . "<br>" . $conn->error;
}
//Insert data from HTML table to database

// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>

$conn->close();
?>

这是我的HTML表单

      <form id="contact_form" action="connection.php" method="POST" enctype="multipart/form-data">
    <div class="row">
        <input id="name" class="input" name="name" type="text" value="" size="30" placeholder="Your Name*" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Name *'" /><br />
    </div>
    <div class="row" style="margin-top:10px">
        <input id="email" class="input" name="email" type="text" value="" size="30" placeholder="Your Email*" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Email *'" /><br />
    </div>
    <div class="row" style="margin-top:10px">
        <textarea id="message" class="input" name="message" rows="7" cols="31" placeholder="Your Messages *" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Messages *'"  ></textarea><br />
    </div>
    <img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' style="margin-top:10px" ><br>
        <input id="code" class="input" name="code" type="text" value="" size="32" placeholder="Your Code Here *" onFocus="this.placeholder = ''" onBlur="this.placeholder = 'Your Code Here *'" style="margin-top:10px"><br>
    <p> <button id="submit_button" type="submit" style="cursor:pointer">Submit</button>
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <button id="reset_button" type="reset" style="cursor:pointer">Reset</button></p>
</form>

我在编码方面很陌生，在这里，有人可以帮我吗？ 而且，如果我的英语不好，我也很抱歉。.我使用此链接作为示例http://webdesignpub.com/html-contact-form-captcha/

Answer 1

发送表单时，您需要将$ _SESSION ['code']设置为显示的验证码图像，以便在下一个请求中检索到发布的数据时，可以将其与$ _POST ['code']进行比较。

我不确定captcha_code_file.php的作用，因为您还没有添加它，但是如果它仅显示随机数，那么如果您进行更改，它可能会起作用：

<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ...

成

<img src="captcha_code_file.php?rand=<?php echo $_SESSION['code'] = rand(); ?>" id='captchaimg' ...