虽然对PHP ()进行了彻底检查,但我仍收到空邮件
虽然对PHP ()进行了彻底检查,但我仍收到空邮件
提问于 2017-10-04 20:00:43
我是新的php,我正在使用一个简单的形式与张贴在主页上给我一封电子邮件。
以下是表格:
<form data-abide action="anfrage.php" method="post">
<fieldset>
<div class="row">
<div class="large-12 columns">
<label>Firma
<input type="text" name="firm" placeholder="Firma" />
</label>
</div>
</div>
<div class="row">
<div class="large-4 columns">
<label>Anrede
<select name="salutation">
<option value="-">-</option>
<option value="Herr">Herr</option>
<option value="Frau">Frau</option>
</select>
</label>
</div>
<div class="large-8 columns">
<label>Name <small>benötigt</small>
<input type="text" name="name" placeholder="Ansprechpartner" required pattern="[a-zA-Z]+">
</label>
<small class="error">Bitte geben Sie einen Ansprechpartner an!</small>
</div>
</div>
<div class="row">
<div class="large-4 columns">
<label>Adresse <small>benötigt</small>
<input type="text" name="address" placeholder="Strasse, PLZ, Stadt" />
</label>
<small class="error">Bitte geben Sie eine Adresse an!</small>
</div>
<div class="large-4 columns">
<label>eMail <small>benötigt</small>
<input type="eMail" name="email" placeholder="eMail" required/>
</label>
<small class="error">Bitte geben Sie eine gültige eMail-Adresse an!</small>
</div>
<div class="large-4 columns">
<label>Telefon <small>benötigt</small>
<input type="text" name="phoneno" placeholder="0123 0815..." required/>
</label>
<small class="error">Bitte geben Sie eine gültige Telefonnummer an!</small>
</div>
</div>
<div class="row">
<div class="large-6 columns">
<label>Art der Anfrage</label>
<input type="radio" name="radio" id="dryhire" value="Vermietung"><label for="dryhire">Vermietung</label>
<input type="radio" name="radio" id="event" value="Veranstaltung"><label for="event">Veranstaltung</label>
<input type="radio" name="radio" id="consultation" value ="Beratung"><label for="consultation">Beratung</label>
</div>
</div>
<div class="row">
<div class="large-12 columns">
<label>Was können wir für Sie tun?<small>benötigt</small>
<textarea name="text" placeholder="Erläutern Sie uns kurz was Sie wann und wo benötigen." required pattern=""></textarea>
</label>
<small class="error">Bitte erläutern Sie kurz Ihr Anliegen!</small>
</div>
</div>
<div class="antispam">Wenn Sie kein Roboter sind lassen sie diesen Bereich einfach leer: <input type="text" name="url" /></div>
<button class="large-12 columns button" type="submit">ANFRAGEN</button>
</fieldset>
</form>
anfrage.php看起来如下所示:
<?php
$to = "anfrage@myhomepage.de";
$subject = $_POST["radio"];
$email = $_POST["email"];
$returnPage = 'http://myhomepage.de#success';
$returnErrorPage = 'http://myhomepage.de#error';
$dodgy_strings = array(
"content-type:"
,"mime-version:"
,"multipart/mixed"
,"bcc:"
);
function is_valid_email($email) {
return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+
[a-z]{2,6}))$#si', $email);
}
function contains_bad_str($str_to_test) {
$bad_strings = array(
"content-type:"
,"mime-version:"
,"multipart/mixed"
,"Content-Transfer-Encoding:"
,"bcc:"
,"cc:"
,"to:"
);
foreach($bad_strings as $bad_string) {
if(eregi($bad_string, strtolower($str_to_test))) {
header("Location: " . $returnErrorPage);
exit;
}
}
}
function contains_newlines($str_to_test) {
if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
header("Location: " . $returnErrorPage);
exit;
}
}
function isEmpty($str_to_test){
return preg_match('/\S/', $str_to_test);
}
function checkFormCompletion($str_to_test){
contains_bad_str($str_to_test);
if(isEmpty($str_totest)){
header("Location: " . $returnErrorPage);
exit;
}
else
return $str_to_test;
}
if($_SERVER['REQUEST_METHOD'] != "POST"){
header("Location: " . $returnErrorPage);
exit;
}
if (!is_valid_email($email)) {
header("Location: " . $returnErrorPage);
exit;
}
$body .= "Firma: " .checkFormCompletion($_POST['firm']);
$body .= "\n";
$body .= "Ansprechpartner: " .checkFormCompletion($_POST['salutation']) ." "
.checkFormCompletion($_POST['name']);
$body .= "\n";
$body .= "Adresse: " .checkFormCompletion($_POST['address']);
$body .= "\n";
$body .= "Telefonnummer: " .checkFormCompletion($_POST['phoneno']);
$body .= "\n";
$body .= "\n";
$body .= "Anfrage: " .checkFormCompletion($_POST['text']);
contains_bad_str($email);
contains_bad_str($subject);
contains_newlines($email);
contains_newlines($subject);
checkFormCompletion($subject);
if(isset($_POST['url']) && $_POST['url'] == ''){
$mailSent = @mail($to, $subject, $body, "From: ".$email);
}
else {
header("Location: " . $returnErrorPage);
}
if($mailSent == TRUE) {
header("Location: " . $returnPage);
} else {
header("Location: " . $returnErrorPage);
}
exit();
?> 虽然imho没有空的电子邮件应该通给我,但我还是继续这样做: EMails:
To: anfrage@myhomepage.de
From: bflaccus@anyaddressyoucanimagine.com
Subject:
Body:
Firma:
Ansprechpartner: Herr 59d4f7714f4d7
Adresse:
Telefonnummer:
Anfrage: 有时一天只有一个EMail,有时是thirty+。
我不知道我为什么要继续得到那些EMails。你知道如何避免吗?或者您知道我的anfrage.php中哪里有安全问题?
提前感谢!
回答 1
Stack Overflow用户
回答已采纳
发布于 2017-10-04 20:13:59
您的checkFormCompletion函数中有一个错误,所以它总是将字段计算为空。
function checkFormCompletion($str_to_test){
contains_bad_str($str_to_test);
if(isEmpty($str_totest)){ // $str_totest should be $str_to_test您知道PHP已经有一个函数来检查变量是否为空,对吗?空的
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/46573224
复制相关文章
相似问题
腾讯云开发者
