Form validation PHP

Posted on 2024-12-27 21:11:55

I have a form with 3 textboxes where users upload at least 1 file and their details. Only problem I have is that when file is not uploaded to the server it still sends the email without the attachment. How can I stop that, and is my validation for only photos and pdf good enough? Thanks. My current code is:

   $to="myemailaddress";
   $subject = "Subject of email";
   // get the sender's name and email address
   // we'll just plug them a variable to be used later
   $from = "<".stripslashes($_POST['customer_email']).">";
   // generate a random string to be used as the boundary marker
   $mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
   // now we'll build the message headers
   $headers = "From: $from\r\n" .
   "MIME-Version: 1.0\r\n" .
      "Content-Type: multipart/mixed;\r\n" .
      " boundary=\"{$mime_boundary}\"";
   // here, we'll start the message body.
   // this is the text that will be displayed
   // in the e-mail
    $message = "$body\n";
    $message .="This is an automated email";
    $message .="Clients files attached:\n\n";

   // next, we'll build the invisible portion of the message body
   // note that we insert two dashes in front of the MIME boundary 
   // when we use it
   $message = "This is a multi-part message in MIME format.\n\n" .
      "--{$mime_boundary}\n" .
      "Content-Type: text/plain; charset=\"utf-8\"\n" .
      "Content-Transfer-Encoding: 7bit\n\n" .
   $message . "\n\n";
   // now we'll process our uploaded files
   foreach($_FILES as $userfile){
      // store the file information to variables for easier access
      $tmp_name = $userfile['tmp_name'];
      $type = $userfile['type'];
      $name = $userfile['name'];
      $size = $userfile['size'];

 $allowedExtensions = array("pdf","jpg","jpeg", "png"); 

 foreach ($_FILES as $userfile) { 
    if ($userfile['tmp_name'] > '') { 
        if (!in_array(end(explode(".", 
            strtolower($userfile['name']))), 
            $allowedExtensions)) { 
            echo "not an accepted file type";
            exit();
      } 
 }
 }

     // if the upload succeeded, the file will exist
      if (file_exists($tmp_name)){
         // check to make sure that it is an uploaded file and not a system file
         if(is_uploaded_file($tmp_name)){

            // open the file for a binary read
            $file = fopen($tmp_name,'rb');

            // read the file content into a variable
            $data = fread($file,filesize($tmp_name));
            // close the file
            fclose($file);

            // now we encode it and split it into acceptable length lines
            $data = chunk_split(base64_encode($data));
         }

         // now we'll insert a boundary to indicate we're starting the attachment
         // we have to specify the content type, file name, and disposition as
         // an attachment, then add the file content.
         // NOTE: we don't set another boundary to indicate that the end of the 
         // file has been reached here. we only want one boundary between each file
         // we'll add the final one after the loop finishes.
         $message .= "--{$mime_boundary}\n" .
            "Content-Type: {$type};\n" .
            " name=\"{$name}\"\n" .
            "Content-Disposition: attachment;\n" .
            " filename=\"{$fileatt_name}\"\n" .
            "Content-Transfer-Encoding: base64\n\n" .
         $data . "\n\n";
      }
   }
   // here's our closing mime boundary that indicates the last of the message
   $message.="--{$mime_boundary}--\n";

   // now we just send the message
   mail($to, $subject, $message, $headers);
   echo "mail sent";
   }

Comments (1)

轻拂→两袖风尘 2025-01-03 21:11:55

Only problem I have is that when file is not uploaded to the server it
still sends the email without the attachment. How can I stop that?

By validating that there is at least one uploaded file. That can be as simple as:

$thereIsAFile = false;

// foreach ($_FILES ...) ...
//    attach file to email
      $thereIsAFile = true;
// ...

if (!$thereIsAFile) {
    exit;
}

Is my validation for only photos and pdf good enough?

No. Because you're only looking at the file extension. That's not validation at all, the file name is completely arbitrary and does not necessarily have anything to do with the actual file content. You should validate a file by its MIME type, which you try to figure out with the appropriate functions. For example see How to get the content-type of a file in PHP?.
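The two checks from the answer above combined, as an added example that is not code from the question or the answer: it rejects a submission with no usable file and allow-lists the type detected from the file's bytes with `finfo`. The names `ALLOWED_MIME` and `valid_uploads()`, the `attachmentN` naming scheme and the injectable `$isUpload` parameter are assumptions made for illustration, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example; ALLOWED_MIME and valid_uploads() are illustrative names.
const ALLOWED_MIME = [
    'application/pdf' => 'pdf',
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
];

// Returns the uploads that arrived intact and whose *content* is an allowed type.
// $isUpload is injectable only so the function can be exercised from the CLI.
function valid_uploads(array $files, ?callable $isUpload = null): array
{
    $isUpload = $isUpload ?? 'is_uploaded_file';
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $ok = [];
    foreach ($files as $f) {
        // Assumes one file per input (name="file1"), not name="files[]".
        if (!isset($f['error']) || is_array($f['error'])) continue;
        if ($f['error'] === UPLOAD_ERR_NO_FILE) continue; // empty slot, skip it
        if ($f['error'] !== UPLOAD_ERR_OK || !$isUpload($f['tmp_name'])) {
            throw new RuntimeException('upload failed');
        }
        $mime = $finfo->file($f['tmp_name']); // sniffed from bytes, not client-supplied
        if (!isset(ALLOWED_MIME[$mime])) {
            throw new RuntimeException('not an accepted file type');
        }
        // Build the MIME part from the detected type and a server-chosen name,
        // never from $f['type'], $f['name'] or the form field name.
        $n = count($ok) + 1;
        $ok[] = ['path' => $f['tmp_name'], 'mime' => $mime,
                 'name' => "attachment{$n}." . ALLOWED_MIME[$mime]];
    }
    return $ok;
}

// In the form handler: refuse to send when nothing valid was uploaded.
//   $uploads = valid_uploads($_FILES);
//   if (!$uploads) { http_response_code(400); exit('Attach at least one file'); }

// Constructed CLI demo: a file with a PDF header vs. plain text renamed to .pdf.
if (PHP_SAPI === 'cli') {
    $pdf = tempnam(sys_get_temp_dir(), 'up'); file_put_contents($pdf, "%PDF-1.4\n%%EOF\n");
    $txt = tempnam(sys_get_temp_dir(), 'up'); file_put_contents($txt, "just text\n");
    $slot = fn($p, $n) => ['tmp_name' => $p, 'name' => $n, 'error' => UPLOAD_ERR_OK];
    print_r(valid_uploads(['file1' => $slot($pdf, 'a.pdf')], 'is_file'));
    try { valid_uploads(['file2' => $slot($txt, 'b.pdf')], 'is_file'); }
    catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
}
```

Both demo files carry a `.pdf` name, so the extension check from the question would accept both; only the content check tells them apart.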
