[英]Strange Result With HTML contact/mail Form Using PHP File
我在從電子郵件表單中正確獲取電子郵件中的數據時遇到問題。 它對電子郵件做了一些奇怪的事情。
原始表格訊息:
Enter Name: Fake Name
Enter Email Address: fake.name@doesnotexist.com
Enter Message: Email test number 4(four).
Submit
_____________________________________________
我收到的電子郵件:
From: <fake.name@doesnotexist.com>
Subject: <New Form submission>
Reply to: <warnerheston@sungraffix.net>
To: Me <web289portfolio@sungraffix.net>
_____________________________________________
You have received a new message from the user Fake Name.
Here is the message:
Email test number 4(four).web289portfolio@sungraffix.net
_____________________________________________
郵件正文中的電子郵件為“(four).web289portfolio @ sungraffix.net”,並帶有下划線/超鏈接...奇怪!
消息體中根本沒有任何電子郵件地址。 用戶未在消息末尾鍵入電子郵件地址。 有人說,PHP代碼正在將目的地電子郵件地址拖放到消息正文中,並在用戶發送消息時附加用戶消息的最后一個“單詞”。
有人可以告訴我我在做什么錯嗎?
<?php
if(!isset($_POST['submit']))
{
//This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];
//Validate first
if(empty($name)||empty($visitor_email)||empty($message))
{
header('Location: contact-form-incomplete.html');
exit;
}
if(IsInjected($visitor_email))
{
echo "Bad email value!";
exit;
}
$email_from = $_POST['email']; //<== update the email address
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n".
"Here is the message:\n $message".
$to = "web289portfolio@sungraffix.net";//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: contact-thankyou.html');
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>
這是HTML表單:
<form method="post" name="myemailform" action="form-to-email.php">
<p>
<label for='name'><span class='form'>Enter Name:</span></label><br>
<input type="text" name="name" size="36">
</p>
<p>
<label for='email'><span class='form'>Enter Email Address:</span></label><br>
<input type="email" name="email" size="36">
</p>
<p>
<label for='message'><span class='form'>Enter Message:</span></label> <br>
<textarea name="message" cols='48' rows='9' maxlength='300'></textarea>
</p>
<input type="submit" name='submit' value="submit"> <input type="reset">
</form>
仔細查看$email_body
上的代碼,您實際上將$email_body
與$to
串聯在一起。 串聯.
$email_body
應為;
。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.