我有这个表格,用户通过它向我发送电子邮件。我不知道它是否安全,或者是否只有在涉及 sql 时才会出现安全问题......
html:
<form id="form4" action="send_mic.php" name="form4" method="post" >
<textarea name="message4" cols="4" rows="4" id="message4" ></textarea><br />
<input type="text" id="name4" name="name4" value="" /><br />
<input type="text" id="email4" name="email4" value="" /><br />
<input type="submit" value="" id="submit" />
</form>
jQuery:
<script type="text/javascript">
$(document).ready(function () {
$('#form4').ajaxForm({
beforeSubmit: validate
});
function validate(formData, jqForm, options) {
var name = $('input[name=name4]').fieldValue();
var email = $('input[name=email4]').fieldValue();
var message = $('textarea[name=message4]').fieldValue();
if (!name[0]) {
alert('Please enter a value for name');
return false;
}
if (!email[0]) {
alert('Please enter a value for email');
return false;
}
if (!message[0]) {
alert('Please enter a value for message');
return false;
}
else {
$("#content").fadeOut(1000, function () {
$(this).html("<img src='images/postauto3.png'/>").fadeIn(2000);
});
var message = $('textarea[name=message4]').val('');
var name = $('input[name=name4]').val('');
var email = $('input[name=email4]').val('');
}
}
});
</script>
php:
<?php
if($_POST){
$email = $_POST['email4'];
$name = $_POST ['name4'];
$message = $_POST ['message4'];
// response hash
$ajaxresponse = array('type'=>'', 'message4'=>'');
try {
// do some sort of data validations, very simple example below
$all_fields = array('name4', 'email4', 'message4');
foreach($all_fields as $field){
if(empty($_POST[$field])){
throw new Exception('Required field "'.ucfirst($field).'" missing input.');
}
}
// ok, if field validations are ok
// now Send Email, ect.
// let's assume everything is ok, setup successful response
$subject = "New Contact";
//get todays date
$todayis = date("l, F j, Y, g:i a") ;
$message = " $todayis \n
Attention: \n\n
Please see the message below: \n\n
Email Address: $email \n\n
Message: $message \n\n
";
$from = "From: $email\r\n";
//put your email address here
mail("contact@....ro", $subject, $message, $from);
//prep json response
$ajaxresponse['type'] = 'success';
$ajaxresponse['message'] = 'Thank You! Will be in touch soon';
} catch(Exception $e){
$ajaxresponse['type'] = 'error';
$ajaxresponse['message'] = $e->getMessage();
}
// now we are ready to turn this hash into JSON
print json_encode($ajaxresponse);
exit;
}
?>
那么,使用表单发送邮件是否存在安全问题呢?这个可以吗?谢谢!