我的表单输入验证不起作用,因为我希望它工作。
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'From: Kontaktformular';
$to = '[email protected]';
$subject = 'Kontaktformular';
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
在本部分中,我尝试验证输入:
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if ($email === FALSE) {
echo 'Invalid email';
exit(1);
}
$body = str_replace("\n.", "\n..", $body);
现在我尝试发送邮件,如果输入不是NULL:
if(isset($_POST['Submit'])) {
if (mail ($to, $subject, $body, $from)) {
echo '<p>Message was sent!</p>';
} else {
echo '<p>Something went wrong :( Please try again</p>';
}
} else {
die ("Direct access not allowed!");
}
?>
我的问题是,我的代码返回“无效的电子邮件”或“不允许直接访问!”,但我不确定我做错了什么。
我的HTML表单:
<form method="post" action="php-contact.php" class="animated fadeIn">
<label>Name</label>
<input name="name" placeholder="Name">
<label>E-Mail</label>
<input name="email" type="email" placeholder="E-Mail, zum antworten…">
<label>Nachricht</label>
<textarea name="message" placeholder="Nachricht…"></textarea>
<input id="submit" name="submit" type="submit" value="Absenden">
</form>
我试着使用这些代码示例:Proper prevention of mail injection in PHP
你正在以错误的顺序进行处理。在尝试分配变量然后习惯于构造消息之前,首先需要检查POSTed数据中是否存在各种表单字段。
<?php
/* test METHOD and if fields are present in POST array */
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'], $_POST['name'], $_POST['email'], $_POST['message'] ) ){
/* do some sanitation and validation on user input */
$name=filter_input( INPUT_POST, 'name', FILTER_SANITIZE_STRING );
$email=filter_var( filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL ), FILTER_VALIDATE_EMAIL );
$message=filter_input( INPUT_POST, 'name', FILTER_SANITIZE_STRING );
/* if the sanitation and validation succeeds, continue processing */
if( $name && $email && $message ){
$from = 'From: Kontaktformular';
$to = '[email protected]';
$subject = 'Kontaktformular';
$body = "From: $name\nE-Mail: $email\nMessage:\n $message";
$status=mail( $to, $subject, $body, $from );
echo $status ? '<p>Message was sent!</p>' : '<p>Something went wrong :( Please try again</p>';
} else {
echo "bogus!"
}
} else {
die("Direct access not allowed!");
}
?>
除了您使用的误导性错误消息,这是您的问题:
isset($_POST['Submit'])
因为表单输入是:
<input name="submit">
这些东西都区分大小写。
print_r($_POST);
看看你到底得到了什么。这是另一个如何构建此验证脚本的示例。注意我建议将邮件正文发送为text / plain,以便您的电子邮件客户端不会解释任何虚假的HTML。此外,我添加了一些最大长度检查,以便用户无法提交任意长度的数据。
isset()