PHP contact form: clean code

Posted on 2024-08-14 18:55:07

Trying to make my own contact form with php. Is there a better/cleaner way to approach this?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Contact Form Practice</title>


</head>

<body>


<form method="POST" action="mailer.php">
Name:
<br>
<input type="text" name="name" size="19"><br>
<br>
Your Email Address:
<br>
<input type="text" name="email" size="19"><br>
<br>
Message:
<br>
<textarea rows="9" name="message" cols="30"></textarea>
<br>
<br>
<input type="submit" value="Submit" name="submit">
</form>



</body>
</html>

----------------php---------------

<?php
if(isset($_POST['submit'])) {

$to = "[email protected]";
$subject = "Contact";
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$message = $_POST['message'];

$body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";

echo "Data has been submitted to $to!";
mail($to, $subject, $body);

} else {

echo "4! OH! 4!";

}
?>

Comments (5)

夏九 2024-08-21 18:55:07

The code seems correct, but I'd highly recommend adding in some data validation. You'll want to make sure all required fields are filled out with valid info. Also be sure to encode/strip any HTML, JS, etc for security/readability purposes.

Lastly, you should also consider using CAPTCHA to guard against spam. I've got an old site running code similar to this and used to get over 500 spam emails a day!

依 靠 2024-08-21 18:55:07

That's pretty much it, maybe on successful completion you can do a header() redirect to a confirmation page, but as far as processing the form what you have is pretty standard.

Also, you want to sanitize your data as a standard practice of accepting any user input.

You might want to look into implementing a CAPTCHA to prevent the bots from hammering your form as well.

PHP Captcha

夜光 2024-08-21 18:55:07

One thing you definitely want to do is make the data a bit safer to send in the email. I would at least run the htmlentities and strip_tags on the input data but you should definitely look in to doing further validation.

Also instead of isset($_POST["SUBMIT"]) I would maybe do something like...

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // body code here
}

太阳哥哥 2024-08-21 18:55:07

I would HIGHLY recommend looking up some information about PHP mail() hijacking and making sure you are not going to leave your script vulnerable to such an attack. Also what everyone else suggested is very good to do as well.
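
The hardening the answers above ask for (required-field validation, a REQUEST_METHOD check, and protection against mail() header injection), as an added example that is not part of the original thread. The recipient and sender addresses are placeholders, the length limits are assumptions, and array-style headers need PHP 7.2 or later.

```php
<?php
declare(strict_types=1);

/** Validate the posted fields; returns [clean data, error list]. */
function validate_contact(array $post): array
{
    // Non-string input (e.g. name[]=x) is treated as missing.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name = $get('name');
    $email = $get('email');
    $message = $get('message');
    $errors = [];

    // Single-line fields must not contain CR or LF: if one is ever copied
    // into a mail header, a line break would let the sender append headers.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "Invalid characters in $field.";
        }
    }
    if ($name === '' || strlen($name) > 100) {          // assumed limit
        $errors[] = 'Name is required (max 100 characters).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid e-mail address is required.';
    }
    if ($message === '' || strlen($message) > 5000) {   // assumed limit
        $errors[] = 'Message is required (max 5000 characters).';
    }
    return [compact('name', 'email', 'message'), $errors];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$data, $errors] = validate_contact($_POST);
    if ($errors) {
        http_response_code(422);
        foreach ($errors as $e) {
            echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>\n";
        }
        exit;
    }
    $body = "From: {$data['name']}\nE-Mail: {$data['email']}\n\nMessage:\n{$data['message']}";
    $headers = [
        'From'         => 'webform@example.com',  // placeholder, fixed sender
        'Reply-To'     => $data['email'],         // validated above
        'Content-Type' => 'text/plain; charset=UTF-8', // markup is not rendered
    ];
    $sent = mail('contact@example.com', 'Contact', $body, $headers); // placeholder recipient
    echo $sent ? 'Thank you, your message was sent.' : 'Sorry, the message could not be sent.';
}
```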

玩心态 2024-08-21 18:55:07

In the question, you had 2 separate files processing the form. The problem is if you get a validation error, you are left with little choice but the awful "Please click your back button" solution.

Consider this template PHP file that will handle it all on one page, provide for data validation, errors, re-submitting, and the whole 9 yards.

<?php

// Read input variables from _POST
$FormAction = (isset($_POST['FormAction']) ? $_POST['FormAction'] : '');
$FirstName = trim(isset($_POST['FirstName']) ? $_POST['FirstName'] : '');
// ... (read the remaining fields the same way)

// Define script variables
$Errors = array();

// Process input if data was posted.
switch($FormAction)
{ 
   case 'Process':
      // validation code

      if(empty($FirstName) or strlen($FirstName) > 20)
          $Errors[] = "First name is required.";

      // ... (validate the remaining fields)

      if(count($Errors) > 0)
         break;

      // Here we have valid data..  Do whatever...


      // Now, redirect somewhere.
      header('Location: http://www.next.com/whatever');
      exit;

 }

 ?>
 <html>
    <body>
       <?php if(count($Errors)) { ?>
          <div class="Error">
              <?php foreach($Errors as $Error) { ?>
                  <div><?php echo htmlspecialchars($Error); ?></div>
              <?php } ?>
          </div>
       <?php } ?>

       <form method="POST" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>">
           <input type="hidden" name="FormAction" value="Process" />

           First Name: 
           <input type="text" name="FirstName" value="<?php echo htmlspecialchars($FirstName, ENT_QUOTES); ?>" />

           <!-- ... (remaining fields) -->

           <input type="submit" />
       </form>

    </body>
 </html>