php - 表单验证和验证码

Question

我创建的联系表格有两个问题。我以前受到垃圾邮件的严重打击。

1. 我要求在处理表单之前填写所有字段，但我所写的内容不起作用：无论一个人是否填写所有字段，信息都会进入数据库。***通过使用修复：

   函数 validateForm() { var x=document.forms["validation"]["firstname"].value; if (x==null || x=="") { alert("请输入您的名字"); 返回假；}

对于所有字段，这一个用于电子邮件：

    var x=document.forms["validation"]["email"].value;
 var atpos=x.indexOf("@");
 var dotpos=x.lastIndexOf(".");
 if (atpos<1 || dotpos<atpos+2 || dotpos+2>=x.length)
  {
  alert("Please enter a valid email address");
  return false;
  }

现在，我需要让验证码正常工作或如何添加以检查验证码在相同的 javascript 中是否正确？我认为错误在于这种方式？：

    session_start();
    if($_POST['submitted'] == "contactus")
     if( $_SESSION['security_code'] == $_POST['security_code'] &&   !empty($_SESSION['security_code'] ) ) {
        header("Location:http://www.berrieswebdesign.com/thankyou.php?message=thanks");
                unset($_SESSION['security_code']);
   } else {
    // Insert your code for showing an error message here
    echo "<div id='thankyoubox'>'Security breach! Security Breach! Ehem...Your     security code was incorrect.'</div>";
  }
    ob_flush();

        ?>

最后，这里是contactfunctions.php

    <?php ob_start();//Required for the redirect to work?>
 <?php 
 include_once("databasefunctions.php");

 $contactsdbtable = "contacts";

 function GetHeaders()
 {
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    // Additional headers
    $headers .= "To: {$firstname} <{$email}>" . "\r\n";
    $headers .= 'From: My Website <info@mywebsite.com>' . "\r\n";
    return $headers;
 }
 function ContactMessage($firstname, $lastname, $email, $message, $location)
 {
global $contactsdbtable;
openDatabase();
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email = mysql_real_escape_string($email);
$message = mysql_real_escape_string($message);
$location = mysql_real_escape_string($location);

$result = QuickQuery("INSERT INTO {$contactsdbtable}(firstname, lastname, email, message, location) 
                      VALUES('{$firstname}', '{$lastname}', '{$email}', '{$message}', '{$location}')");

if($result)
{
    $headers = GetHeaders();
    $message = "\"Thank you for contacting us at My Website. We will be answering your website inquiry post haste.\"<br />
    <br />
    <br />
    Best Regards,<br />
    <br />
    Me
    ";
    mail($email, "RE: Design Inquiry", $message, $headers);
    mail("myemail@blahblah.com", "Website Inquiry", "{$firstname}, {$email}, has sent a web design inquiry", $headers);

}
}


?>

感谢我提前收到的任何帮助。另外，由于这篇文章很长，你们介意列出您要解决的问题是 1 还是 2？

谢谢！

Answer 1

好的试试这个：

<?php
    $is_error = false;
    if($_POST['submitted'] == "contactus")
    {
      $firstname = $_POST['firstname'];
      $lastname = $_POST['lastname'];

      $email = $_POST['email'];
      $message = $_POST['message'];
      $location = $_POST['location'];
      if(!$firstname || $firstname = ''){
        $error = "Please enter your first name.";
        $is_error = true;
      } else if(!$lastname || $lastname= ''){
        $error = "Please enter your last name.";
        $is_error = true;
      } else if(!$email || $email= ''){
        $error = "Please enter a valid email.";
        $is_error = true;
      }else if(!$message || $message= ''){
        $error = "Please enter your message.";
        $is_error = true;
      }else if(!$location || $location= ''){
        $error = "Please tell us where you're from.";
        $is_error = true;
      }

      if(($is_error === false) && ($_SESSION['security_code'] == $_POST['security_code']))
      {
        ContactMessage($firstname, $lastname, $email, $message, $location);
      } else {
        Error($error);
      }
    }
 ?>