Php 联系人表单不会提交并一直转到错误页面
当我填写联系人表单中的所有字段时,它会一直转到错误页面。我不知道为什么会这样。我希望联系人表单将所有信息发送到我的个人电子邮件中。我看过几乎所有的解决方案,但似乎无法解决问题 我的表格的代码是:Php 联系人表单不会提交并一直转到错误页面,php,html,forms,contact,Php,Html,Forms,Contact,当我填写联系人表单中的所有字段时,它会一直转到错误页面。我不知道为什么会这样。我希望联系人表单将所有信息发送到我的个人电子邮件中。我看过几乎所有的解决方案,但似乎无法解决问题 我的表格的代码是: <div id="form"> <form action="sendmail.php" method="post"> <p> <label for="name">Name:</label> <
<div id="form">
<form action="sendmail.php" method="post">
<p>
<label for="name">Name:</label>
<input name="name" id="name" type="text" class="required">
<span>Please enter your name</span>
</p>
<p>
<label for="email">Email:</label>
<input name="email" id="email" type="text" class="required">
<span>Please enter a valid email address</span>
</p>
<p>
<label for="subject">Subject:</label>
<input name="subject" id="subject" type="text">
<span>Please enter your subject</span>
</p>
<p>
<label for="message">Message</label>
<textarea name="message" id="message" class="required"></textarea>
<span>Please enter your message</span>
</p>
<p class="submit">
<input type="submit" value="Submit" class="btn-submit">
</p>
</form>
</div>
姓名:
请输入您的姓名
电邮:
请输入有效的电子邮件地址
主题:
请输入您的主题
消息
请输入您的信息
我的PHP代码是:
<?php
// This function checks for email injection. Specifically, it checks for carriage returns
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
// Load form field data into variables.
$name = $_REQUEST['name'] ;
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
// If the user tries to access this script directly, redirect them to feedback form,
if (!isset($_REQUEST['email'])) {
header( "Location: contact.html" );
}
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($comments)) {
header( "Location: error.html" );
}
// If email injection is detected, redirect to the error page.
//elseif ( isInjected($email) ) {
// header( "Location: error.html" );
}
// If we passed all previous tests, send the email!
else {
mail( "f.ajibade@f-sharpmedia.com", "Feedback Form Results",
$comments, "From: $email" );
header( "Location: thankyou.html" );
}
?>
因为您没有将电子邮件检查逻辑放入函数中,返回语句将阻止代码执行,即使它是真的。正确的方法是:
if(preg_match($inject,$str)) {
//process
}
else {
exit();
}
编辑
下面是如何将该逻辑放入函数中
/**
*This function checks for email injection.
*Specifically, it checks for carriage returns
*@return Boolean upon failure or success
*/
function has_injection($email){
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$email)) {
return true;
}
else {
return false;
}
}
然后使用它:
<?php
if(!has_injection($_REQUEST['email']){
//process code
}else{
die('terminating script because of email injection!');
}
代码很乱
美元在哪里
检查它是否有注入:如果(preg_match($inject,$str))
,那么$str是什么
然后你选择empty($email_address)| empty($comments)
但是这些不是您设置的变量(您设置了$email=$\u REQUEST['email'],$message=$\u REQUEST['message']
等等)这应该做什么:否则{return false;}
为什么要执行手动注入检查?有更好的库(例如,随着检测到更多注入机会而改进)?