Php 我如何确保这不受注射和垃圾邮件的影响
我希望使我的联系人表单不太可能遭受攻击者的攻击 这是公众可以看到的,Php 我如何确保这不受注射和垃圾邮件的影响,php,html,sql,forms,email,Php,Html,Sql,Forms,Email,我希望使我的联系人表单不太可能遭受攻击者的攻击 这是公众可以看到的, <script> var checkobj function agreesubmit(el){ checkobj=el if (document.all||document.getElementById){ for (i=0;i<checkobj.form.length;i++){ //hunt down submit button var tempobj=checkobj.form.elements[i
<script>
// Last checkbox handed to agreesubmit(); defaultagree() reads it back as window.checkobj,
// which is why this stays a file-level `var` rather than a function-local.
var checkobj;
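/**
 * Enables the form's submit button(s) only while the confirmation checkbox is checked.
 * Stores the checkbox in the global `checkobj` so defaultagree() can read it back as
 * window.checkobj on legacy browsers.
 * Fix: the loop index was an undeclared (implicit global) variable.
 * @param {HTMLInputElement} el - the "I confirm" checkbox; its owning form is walked
 */
function agreesubmit(el) {
  var i;
  var control;
  checkobj = el;
  // Only a DOM-capable browser can toggle the buttons; older ones rely on defaultagree().
  if (!(document.all || document.getElementById)) {
    return;
  }
  for (i = 0; i < checkobj.form.length; i++) { // hunt down every submit button
    control = checkobj.form.elements[i];
    if (control.type && control.type.toLowerCase() === "submit") {
      control.disabled = !checkobj.checked;
    }
  }
}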
/**
 * Submit-time fallback for browsers without getElementById, where agreesubmit() cannot
 * disable the button: submission is allowed only when the confirmation box is checked.
 * On DOM-capable browsers it returns undefined (nothing is decided here).
 * @param {HTMLElement} el - unused
 * @returns {boolean|undefined}
 */
function defaultagree(el) {
  var legacyBrowser = !document.all && !document.getElementById;
  if (!legacyBrowser) {
    return;
  }
  if (window.checkobj && checkobj.checked) {
    return true;
  }
  alert("Please check the box confirming your details are correct.");
  return false;
}
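/**
 * Moves focus to the next control of the form when Enter is pressed inside `field` and
 * cancels the keystroke so it does not submit the form; every other key passes through.
 * Fix: recognises the standard `event.key` as well as the legacy numeric codes, which
 * some current browsers no longer populate.
 * @param {HTMLElement} field - the control that received the keypress
 * @param {KeyboardEvent} event - the keypress event
 * @returns {boolean} false when Enter was consumed, true otherwise
 */
function handleEnter(field, event) {
  var keyCode = event.keyCode ? event.keyCode : event.which ? event.which : event.charCode;
  var isEnter = event.key === "Enter" || keyCode === 13;
  if (!isEnter) {
    return true;
  }
  var controls = field.form.elements;
  var i;
  for (i = 0; i < controls.length; i++) {
    if (field === controls[i]) {
      break;
    }
  }
  // Wrap from the last control back to the first (also lands on the first when `field`
  // was not found in the collection).
  i = (i + 1) % controls.length;
  controls[i].focus();
  return false;
}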
<!--
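/**
 * Client-side check that the mandatory fields of `formobj` are filled in; lists the missing
 * ones in an alert. This is a usability aid only — anything enforced in the browser can be
 * skipped, so execs/contactus.php must re-validate every field on its own.
 * Fixes: whitespace-only text no longer counts as filled, a select resting on the empty
 * placeholder option is reported, and "department" (marked "*" on the form) is required.
 * @param {HTMLFormElement} formobj - the form being submitted (`this` in onsubmit)
 * @returns {boolean} true to allow submission, false to block it
 */
function formCheck(formobj) {
  // Mandatory field names and the labels shown for them, index-aligned.
  var fieldRequired = ["name", "email", "department", "message"];
  var fieldDescription = ["Name", "Email Address", "Department", "Your Message"];
  var alertMsg = "Please complete the following fields:\n";
  var l_Msg = alertMsg.length;
  var i;
  var j;
  var obj;
  var missing;
  for (i = 0; i < fieldRequired.length; i++) {
    obj = formobj.elements[fieldRequired[i]];
    if (!obj) {
      continue;
    }
    missing = false;
    switch (obj.type) {
      case "select-one":
        // The placeholder option carries an empty value, so a blank value means no choice.
        missing = obj.selectedIndex === -1 || obj.options[obj.selectedIndex].value === "";
        break;
      case "select-multiple":
        missing = obj.selectedIndex === -1;
        break;
      case "text":
      case "textarea":
      case "password":
      case "email":
      case "number":
        // Whitespace-only input is treated as empty.
        missing = obj.value == null || String(obj.value).replace(/^\s+|\s+$/g, "") === "";
        break;
      default:
        // A radio group comes back as a collection without a `type`; require one checked.
        if (obj.type === undefined && obj.length) {
          missing = true;
          for (j = 0; j < obj.length; j++) {
            if (obj[j].checked) {
              missing = false;
            }
          }
        }
    }
    if (missing) {
      alertMsg += " - " + fieldDescription[i] + "\n";
    }
  }
  if (alertMsg.length === l_Msg) {
    return true;
  }
  alert(alertMsg);
  return false;
}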
// -->
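// Loose sanity check for an e-mail address. Fix: the top-level label may be any length of
// two or more letters (or digits) — the old {2,4} bound rejected valid addresses such as
// name@example.museum. This only catches typos; the server must validate the address too.
var emailfilter = /^\w+[\+\.\w-]*@([\w-]+\.)*\w+[\w-]*\.([a-z]{2,}|\d+)$/i;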
/**
 * Validates the e-mail control `e` against `emailfilter`; on a mismatch the user is warned
 * and the field's text is selected for correction.
 * @param {HTMLInputElement} e - the e-mail input
 * @returns {boolean} whether the value passed the filter
 */
function checkmail(e) {
  var isValid = emailfilter.test(e.value);
  if (!isValid) {
    alert("Please enter a valid email address.");
    e.select();
  }
  return isValid;
}
</script>
<div align="center">
<font color="#FF0000">
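<?php
// Show a pending error message from the previous request (presumably set by the form
// handler), then clear it so it is displayed once. The message is escaped: if it ever
// carries echoed user input, an unescaped echo would reflect attacker-supplied markup.
// If the handler deliberately stores markup here, escape at the point it is built instead.
if (isset($_SESSION['ERRMSG'])) {
    echo htmlspecialchars($_SESSION['ERRMSG'], ENT_QUOTES, 'UTF-8');
    echo "<br>";
    unset($_SESSION['ERRMSG']);
}
?>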
</font>
</div>
<p class="greywritingsmall" style="text-align:center">Fields marked with a <span class="purplewriting">*</span> are required. </p>
<span style="text-align:center">
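<form action="execs/contactus.php" method="post" name="register" class="greywriting" id="register" onsubmit="return formCheck(this)">
<!-- Every value echoed into this form is HTML-escaped: the session fields re-populate
     earlier user input and the message comes straight from $_POST, so an unescaped echo
     would reflect attacker-controlled markup. The JavaScript checks are a convenience
     only; execs/contactus.php must validate every field again, verify captcha_code
     server-side, and escape values before they reach mail headers or SQL. -->
<table width="620" border="0" align="center" cellpadding="2" cellspacing="2" class="formgreywriting">
<tr align="left">
<td width="115">Full Name: <font color="#64195A">*</font></td>
<td width="193"><input name="name" type="text" id="name" onkeypress="return handleEnter(this, event)" value="<?php echo isset($_SESSION['SESS_FULL_NAME']) ? htmlspecialchars($_SESSION['SESS_FULL_NAME'], ENT_QUOTES, 'UTF-8') : ''; ?>" /></td>
<td width="112">Email Address: <font color="#64195A">*</font></td>
<td width="174"><input name="email" type="text" id="email" onkeypress="return handleEnter(this, event)" value="<?php echo isset($_SESSION['SESS_EMAIL']) ? htmlspecialchars($_SESSION['SESS_EMAIL'], ENT_QUOTES, 'UTF-8') : ''; ?>" /></td>
</tr>
<tr align="left">
<td width="115">Membership No: (If Applicable)</td>
<td width="193"><input name="member_id" type="text" id="member_id" onkeypress="return handleEnter(this, event)" value="<?php echo isset($_SESSION['SESS_MEMBER_ID']) ? htmlspecialchars($_SESSION['SESS_MEMBER_ID'], ENT_QUOTES, 'UTF-8') : ''; ?>" /></td>
<td width="112">Department: <font color="#64195A">*</font></td>
<td width="174">
<select name="department" id="department">
<?php
// Department list from the database. The query takes no user input, so there is no
// injection on this statement, but the mysql_* extension is deprecated/removed; move it
// to PDO or MySQLi together with the connection code (which is not in this file).
// Column values are escaped anyway — anything written into HTML output should be.
$query = mysql_query("SELECT * FROM departments ORDER BY name ASC");
echo "<option value=\"\">Please select one...</option>";
if ($query !== false) {
    while ($result = mysql_fetch_array($query)) {
        $optCode = htmlspecialchars($result['code'], ENT_QUOTES, 'UTF-8');
        $optName = htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');
        echo "<option value=\"" . $optCode . "\">" . $optName . "</option>";
    }
}
?>
</select>
</td>
</tr>
<tr align="center">
<td colspan="1" align="left">Message: <font color="#64195A">*</font></td>
<!-- <textarea> has no value attribute: the initial text goes between the tags. -->
<td colspan="3" align="left"><textarea name="message" rows="8" cols="60" id="message"><?php echo isset($_POST['message']) ? htmlspecialchars($_POST['message'], ENT_QUOTES, 'UTF-8') : ''; ?></textarea></td>
</tr>
<tr>
<td colspan="4" align="center">
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
</td>
</tr>
<tr>
<td colspan="4" align="center"><font color="#64195A">
<input type="checkbox" name="tc" id="tc" onclick="agreesubmit(this)"/>
I confirm that all my details are correct.</font></td>
</tr>
<tr>
<td colspan="4" align="center"><input name="submit" value="Send Message" type="submit" onclick="return checkmail(this.form.email)" disabled/></td>
</tr>
<tr>
<td colspan="4" align="center"> </td>
</tr>
</table>
</form>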
<script>
// Start with the confirmation box unticked (presumably undoing a state the browser
// restored), so it agrees with the submit button, which the markup renders disabled.
document.forms.register.elements.tc.checked = false;
</script>
</span></div>
var checkobj
function agreesubmit(el){
checkobj=el
if(document.all || document.getElementById){
对于反垃圾邮件,您可以向用户提出一个问题,例如“2+2 等于多少”,然后在下一页通过 $_POST 检查用户提供的答案是否等于 PHP 生成的答案。
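// Arithmetic anti-spam challenge: two random operands; their sum is the expected reply.
$question1 = mt_rand(1, 10);
$question2 = mt_rand(1, 10);
$answer = $question1 + $question2;
// Keep the expected answer server-side so the check on submit does not have to trust a
// value sent back by the client (requires session_start() earlier in the request).
$_SESSION['antispam_answer'] = $answer;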
在html表单中,为答案和问题创建两个输入
<!-- Arithmetic anti-spam question. The hidden "answer" field exposes the expected value to
     the client, so on its own this check stops only submissions that omit it; the server
     should compare against an answer it kept itself. The reply input is named "Human",
     so the handler has to read $_POST['Human'] (keys are case-sensitive). -->
*What is <?php echo $question1 ." + ". $question2;?>? (Anti-spam):
<input name="Human" type="number" required><br>
<input type="hidden" name="answer" id="subject" value="<?php echo $answer; ?>">
*什么是?(反垃圾邮件):
我还没有尝试过任何东西,我正在研究 filter_var(),但不确定它是否涵盖这些问题。您需要切换到 PDO 或 MySQLi 的预处理语句(prepared statements);我还建议使用 PHPMailer 之类的邮件库,它有助于防止邮件头注入(header injection),这类注入可能被用来发送垃圾邮件。
<!-- Arithmetic anti-spam question (same markup as above). Because the expected value
     travels in the hidden "answer" field, the server should not rely on it; compare the
     "Human" reply against a value kept server-side instead. -->
*What is <?php echo $question1 ." + ". $question2;?>? (Anti-spam):
<input name="Human" type="number" required><br>
<input type="hidden" name="answer" id="subject" value="<?php echo $answer; ?>">
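<?php
// Server-side check of the arithmetic anti-spam reply.
// Fixes: `answer` was an undefined constant (never equal to a number), and $_POST keys are
// case-sensitive — the reply input is named "Human", not "human".
// NOTE: the expected value is read from the client's own hidden "answer" field, so this only
// filters submissions that omit it; compare against the answer kept in the session at
// generation time instead, once it is stored there.
$expected = isset($_POST['answer']) ? (int) $_POST['answer'] : null;
$given    = isset($_POST['Human'])  ? (int) $_POST['Human']  : null;
if (isset($_POST['submit']) && $given !== null && $given === $expected) {
    // your mail processing here
}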