隐藏表单字段 - 我做错了什么?
我正在尝试使用“隐藏字段”技巧通过我的表单之一来防止垃圾邮件,但由于某种原因它不起作用。当我填写应该留空的字段时,表单会像平常一样提交。
我的php有问题吗? (我认为这就是我的问题所在): 这是验证隐藏字段的代码(请参见我的表单顶部):
if(!empty($_POST['email'])){ die('Stop Spamming'); }
这是完整的 php 表单:
<?
session_start();
include("verification_image.class.php");
$image = new verification_image();
if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {
header('Location: http://www.domain.com/fail.htm');
exit;
}
if(!empty($_POST['email'])){ die('Stop Spamming'); }
$to = "[email protected]";
$bcc = "[email protected]";
$from = $_POST['contactemail'];
$subject = "INTERESTED ADVERTISER";
$sbody = '<table width="420" height="135" border="0" align="center"
cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="90" colspan="5"><div align="center">Reservation &
Enquiries Submission Form </div></td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Full Name</span></td>
<td width="180" valign="top">'.$_POST['contactname'].'</td>
<td width="42"> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Contact number</span></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
<td> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Email</span></td>
<td valign="top">'.$_POST['contactemail'].'</td>
<td> </td>
</tr>
<tr>
<td height="35" colspan="3" align="center" valign="bottom"><span
class="style7">Query</span></td>
<td colspan="2" rowspan="2"
valign="middle">'.$_POST['contactquery'].'</td>
</tr>
<tr>
<td width="84" height="108" align="center" valign="middle">
<!--DWLayoutEmptyCell--> </td>
<td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&
nbsp;</td>
<td width="17"> </td>
</tr>
<tr>
<td height="17"></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>';
$sBodyNew = '<style type="text/css">
<!--
.style {
font-family: Arial;
font-size: 12px;
color: #4D241E;
}
body {
background-image: url();
background-color: #F1EAE4;
}
.style1 {font-size: 14px}
-->
</style>
<p> </p>
<table width="420" border="0" align="center" cellpadding="0" cellspacing="5">
<tr>
<td><table width="100%" border="0" cellpadding="8" cellspacing="0" bgcolor="#E7D3AF"
class="style">
<tr>
<td colspan="2" valign="top"><div align="center"><strong><span
class="style1">Website Deal</span><br>
.................................................................</strong><br>
</div></td>
</tr>
<tr>
<td width="32%" valign="top"><div align="left"><strong>Date Submitted</strong>
</div></td>
<td width="68%" valign="top">'. date("F j, Y, g:i a") .'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Name</strong></div></td>
<td valign="top">'.$_POST['contactname'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Contact Number</strong></div></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Email</strong></div></td>
<td valign="top">'.$_POST['contactemail'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Query</strong></div></td>
<td valign="top">'.$_POST['contactquery'].'</td>
</tr>
</table></td>
</tr>
</table>
';
$headers = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($to, $subject, $sBodyNew, $headers);
header('Location: http://www.domain.com/success.htm');
?>
这是我添加到 HTML 表单中的内容:
<label>
<input type="text" class="email" name="email" id="email" />
</label>
这是 HTML 表单:
<form action="process_advertise.php" method="post" name="order"
onSubmit="MM_validateForm('contactname','','R','contactnumber','','R','contactemail',
'','RisEmail','validate','','R','contactquery','','R');return document.MM_returnValue">
<input name="success" type="hidden"
value=http://www.domain.com/success.htm>
<table width="465" border="0" cellspacing="0" cellpadding="0">
<!--DWLayoutTable-->
<tr>
<td width="465" height="387" valign="top"><span class="style66">NAME:
<input name="contactname" type="text" id="contactname" />
</span><br />
<span class="style66">CONTACT NUMBER:</span>
<input name="contactnumber" type="text" id="contactnumber" />
<br />
<span class="style66">EMAIL:
<input name="contactemail" type="text" id="contactemail" />
</span><br />
<span class="style66">QUERY:</span>
<textarea name="contactquery" cols="40" rows="8"
id="contactquery"></textarea>
<br />
<br />
<input type="text" class="email" name="email" id="email" />
<br />
<br />
<img src="picture.php" /><br />
<span class="style57 style16"><em>Please enter character<br />
as listed above</em></span><br />
<input name="validate" type="text" id="validate" />
<br />
<input type="reset" name="button2" id="button2" value="Reset" />
<input type="submit" name="button" id="button" value="Submit" /></td>
</tr>
</table>
</form>
有人知道我做错了什么吗?
=================================================== ===================== 问题已解决:
好的,伙计们...我已经再次测试了该表单,现在它可以工作了! 我不是为什么它之前不起作用,但对于那些想知道的人...我所有的编码都是正确的,除了我从我的进程 php 表单中删除了这段代码:
$sbody = '<table width="420" height="135" border="0" align="center"
cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="90" colspan="5"><div align="center">Reservation &
Enquiries Submission Form </div></td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Full Name</span></td>
<td width="180" valign="top">'.$_POST['contactname'].'</td>
<td width="42"> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Contact number</span></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
<td> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Email</span></td>
<td valign="top">'.$_POST['contactemail'].'</td>
<td> </td>
</tr>
<tr>
<td height="35" colspan="3" align="center" valign="bottom"><span
class="style7">Query</span></td>
<td colspan="2" rowspan="2"
valign="middle">'.$_POST['contactquery'].'</td>
</tr>
<tr>
<td width="84" height="108" align="center" valign="middle">
<!--DWLayoutEmptyCell--> </td>
<td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&
nbsp;</td>
<td width="17"> </td>
</tr>
<tr>
<td height="17"></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>';
正如 greg0rie 指出的那样,这段代码不是必需的
I am trying to prevent Spam with one of my forms using the Hidden Field trick, but for some reason its not working. When I fill in the field that's supposed to be left empty, the form is submitted like a normal.
Is there something wrong with my php? (I think that's where my problem lies):
This is the code to validate the hidden field (see top of my form):
if(!empty($_POST['email'])){ die('Stop Spamming'); }
Here's the complete php form:
<?
session_start();
include("verification_image.class.php");
$image = new verification_image();
if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {
header('Location: http://www.domain.com/fail.htm');
exit;
}
if(!empty($_POST['email'])){ die('Stop Spamming'); }
$to = "[email protected]";
$bcc = "[email protected]";
$from = $_POST['contactemail'];
$subject = "INTERESTED ADVERTISER";
$sbody = '<table width="420" height="135" border="0" align="center"
cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="90" colspan="5"><div align="center">Reservation &
Enquiries Submission Form </div></td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Full Name</span></td>
<td width="180" valign="top">'.$_POST['contactname'].'</td>
<td width="42"> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Contact number</span></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
<td> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Email</span></td>
<td valign="top">'.$_POST['contactemail'].'</td>
<td> </td>
</tr>
<tr>
<td height="35" colspan="3" align="center" valign="bottom"><span
class="style7">Query</span></td>
<td colspan="2" rowspan="2"
valign="middle">'.$_POST['contactquery'].'</td>
</tr>
<tr>
<td width="84" height="108" align="center" valign="middle">
<!--DWLayoutEmptyCell--> </td>
<td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&
nbsp;</td>
<td width="17"> </td>
</tr>
<tr>
<td height="17"></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>';
$sBodyNew = '<style type="text/css">
<!--
.style {
font-family: Arial;
font-size: 12px;
color: #4D241E;
}
body {
background-image: url();
background-color: #F1EAE4;
}
.style1 {font-size: 14px}
-->
</style>
<p> </p>
<table width="420" border="0" align="center" cellpadding="0" cellspacing="5">
<tr>
<td><table width="100%" border="0" cellpadding="8" cellspacing="0" bgcolor="#E7D3AF"
class="style">
<tr>
<td colspan="2" valign="top"><div align="center"><strong><span
class="style1">Website Deal</span><br>
.................................................................</strong><br>
</div></td>
</tr>
<tr>
<td width="32%" valign="top"><div align="left"><strong>Date Submitted</strong>
</div></td>
<td width="68%" valign="top">'. date("F j, Y, g:i a") .'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Name</strong></div></td>
<td valign="top">'.$_POST['contactname'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Contact Number</strong></div></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Email</strong></div></td>
<td valign="top">'.$_POST['contactemail'].'</td>
</tr>
<tr>
<td valign="top"><div align="left"><strong>Query</strong></div></td>
<td valign="top">'.$_POST['contactquery'].'</td>
</tr>
</table></td>
</tr>
</table>
';
$headers = "From: $from\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($to, $subject, $sBodyNew, $headers);
header('Location: http://www.domain.com/success.htm');
?>
Heres this is what I added to my HTML form:
<label>
<input type="text" class="email" name="email" id="email" />
</label>
And heres the HTML form:
<form action="process_advertise.php" method="post" name="order"
onSubmit="MM_validateForm('contactname','','R','contactnumber','','R','contactemail',
'','RisEmail','validate','','R','contactquery','','R');return document.MM_returnValue">
<input name="success" type="hidden"
value=http://www.domain.com/success.htm>
<table width="465" border="0" cellspacing="0" cellpadding="0">
<!--DWLayoutTable-->
<tr>
<td width="465" height="387" valign="top"><span class="style66">NAME:
<input name="contactname" type="text" id="contactname" />
</span><br />
<span class="style66">CONTACT NUMBER:</span>
<input name="contactnumber" type="text" id="contactnumber" />
<br />
<span class="style66">EMAIL:
<input name="contactemail" type="text" id="contactemail" />
</span><br />
<span class="style66">QUERY:</span>
<textarea name="contactquery" cols="40" rows="8"
id="contactquery"></textarea>
<br />
<br />
<input type="text" class="email" name="email" id="email" />
<br />
<br />
<img src="picture.php" /><br />
<span class="style57 style16"><em>Please enter character<br />
as listed above</em></span><br />
<input name="validate" type="text" id="validate" />
<br />
<input type="reset" name="button2" id="button2" value="Reset" />
<input type="submit" name="button" id="button" value="Submit" /></td>
</tr>
</table>
</form>
Anyone know what I'm doing wrong?
=======================================================================
Problem Solved:
Ok guys... I've tested the form again and its working now!
I'm not why it didn't work earlier, but for those who like to know... all my coding there is correct except I removed this code from my process php form:
$sbody = '<table width="420" height="135" border="0" align="center"
cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="90" colspan="5"><div align="center">Reservation &
Enquiries Submission Form </div></td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Full Name</span></td>
<td width="180" valign="top">'.$_POST['contactname'].'</td>
<td width="42"> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Contact number</span></td>
<td valign="top">'.$_POST['contactnumber'].'</td>
<td> </td>
</tr>
<tr>
<td height="25" colspan="3" align="center" valign="middle"><span
class="style7">Email</span></td>
<td valign="top">'.$_POST['contactemail'].'</td>
<td> </td>
</tr>
<tr>
<td height="35" colspan="3" align="center" valign="bottom"><span
class="style7">Query</span></td>
<td colspan="2" rowspan="2"
valign="middle">'.$_POST['contactquery'].'</td>
</tr>
<tr>
<td width="84" height="108" align="center" valign="middle">
<!--DWLayoutEmptyCell--> </td>
<td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->&
nbsp;</td>
<td width="17"> </td>
</tr>
<tr>
<td height="17"></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>';
This code is not necessary as greg0rie pointed out
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
代码注入的方式有太多。
您应该使用 filter_var 函数来对其进行最小程度的预防。
用于验证电子邮件的使用(至少且不仅仅是):
您的这行代码似乎很奇怪:
这样不是更容易吗?
There are too many ways your code can be code injected.
You should use filter_var function for a minimal prevent for it.
For validating email use (at least and not just):
This line of your code seems to be strange:
wouldn't it easier this way?