我在抛出网站上有一个非常基本的表格,可以正常工作(名称,电子邮件,消息(。
最近,我开始收到很多垃圾邮件消息,其中名称字段与字母和数字的一些随机组合一起通过,该电子邮件通过一些随机的电子邮件地址,消息字段为空白。我认为这是学习一些更好的现场验证的好机会。
我首先使用HTML5输入模式属性实现客户端解决方案。除非您期望,否则,垃圾邮件机只能绕过客户端验证。
我用于邮件功能的罐头php使用了针对注射的功能。由于我不知道很多PHP,因此我尝试模仿该功能结构,以验证名称字段仅包括字母和空格(一旦我完成工作,我就会添加几个其他字符(。
它无法正常工作。我很确定问题是如何在顶部编写变量。我已经尝试切换IF/true,否则/false在我的namecleaned函数中,以确保我不会将逻辑倒退。该函数要么发送邮件,无论字段中是否有数字,要么在正确输入输入时用错误消息杀死邮件...取决于我的哪种方式。
php
if(!isset($_POST['submit']))
{
//This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!";
}
$fromName = $_POST['fromName'];
$fromEmail = $_POST['fromEmail'];
$customerMessage = $_POST['customerMessage'];
//Validate first
if(empty($fromName)||empty($fromEmail))
{
echo "We at least need your name an email";
exit;
}
if(nameCleaned($fromName))
{
echo "Stop spamming me please";
exit;
}
if(IsInjected($fromEmail))
{
echo "That doesn't look like a valid email address";
exit;
}
if(nameCleaned($fromName))
{
echo "Quit spamming us";
exit;
}
$email_from = 'ourdomain.com Web Message';//<== Email From
$email_subject = "Message from ourdomain.com";//<== Email Subject
//Begin Email Body
$email_body = "$fromName is emailed us through the website. nn".
"EMAIL ADDRESS: n$fromEmail nn".
"HERE'S WHAT THEY SAID: n$customerMessage nn".
$to = "ouremail@domain.com";//<== update the email address
$headers = "From: $email_from rn";
$headers .= "Reply-To: $fromEmail rn";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//Mail sent, redirect
header('Location: http://ourdomain.com/thank-you.html');
// nameCleaned function
function nameCleaned($str){
if(preg_match("/^[a-zA-Z0-9_]{2,35}/"))
{
return false;
}
else
{
return true;
}
}
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(n+)',
'(r+)',
'(t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return false;
}
else
{
return true;
}
}
表格
<form method="post" action="assets/php/mailForm-validate.php">
<div class="field half first"><input type="text" name="fromName" placeholder="Name" /></div>
<div class="field half"><input type="email" name="fromEmail" placeholder="Email" /></div>
<div class="field"><textarea name="customerMessage" placeholder="Message" rows="6"></textarea></div>
<ul class="actions">
<li><input type="submit" name="submit" value="Send Message" /></li>
</ul>
</form>
问题在您的nameCleaned
函数中。您正在使用preg_match()
函数,但仅提供一个参数。
preg_match
至少采用2个参数。第一个是模式,第二个是主题。您的主题是$str
变量。因此,这是正确的代码:
preg_match("/^[a-zA-Z0-9_]{2,35}/", $str)
这是完整的功能:
function nameCleaned($str){
if(preg_match("/^[a-zA-Z0-9_]{2,35}/", $str))
{
return false;
}
else
{
return true;
}
}
我希望,我帮助了!