0

任何人都可以帮忙吗?

我是 php 新手,正在尝试为简单的联系表单开发验证规则。

当表单的其他部分验证失败时,如何停止选择字段重置?

代码如下:

<?php


    $error      = '';
    $title      = '';
    $firstname  = '';
    $surname    = '';
    $email      = '';
    $phone      = '';
    $comments   = '';
    $how        = '';
    $verify     = '';

    if(isset($_POST['contactus'])) {

    $title      = $_POST['title'];
    $firstname  = $_POST['firstname'];
    $surname    = $_POST['surname'];
    $email      = $_POST['email'];
    $phone      = $_POST['phone'];
    $comments   = $_POST['comments'];
    $how        = $_POST['how'];
    $verify     = $_POST['verify'];

    ini_set("sendmail_from", $email_from, "enquiries@blah.com");


    // Errors

    if(trim($title) == '') {
        $error = '<div class="error_message">Please enter your Title.</div>';
    }
    else if(trim($firstname) == '') {
        $error = '<div class="error_message">Please enter your First name.</div>';
    }
    else if(trim($surname) == '') {
        $error = '<div class="error_message">Please enter your Surname.</div>';
    }
    else if(!validEmail($email)){
    $error = '<div class="error_message">Please enter a valid email address.</div>';
    $email = '';
    }
    if($error == '') {

        if(get_magic_quotes_gpc()) {
            $comments = stripslashes($comments);
        }


    $address = "enquiries@blah.com";

    $e_subject = 'Care at Home Enquiry from ' . $title . $surname . '.';

    $e_body = "You have been contacted by $name with regards to an Advantage Nurses general enquiry, contact details and message are as follows.\r\n\n";
    $e_content = "Title: " . $title  .
                 "\r\n\nFirst name:" . $firstname  .
                 "\r\n\nSurname: " . $surname  .  
                 "\r\n\nEmail: " . $email  . 
                 "\r\n\nPhone: " . $phone  . 
                 "\r\n\nEnquiry: " . $comments .
                 "\r\n\nHow Did You Hear About Us: " . $how;

    //$e_reply = "\r\n\nYou can contact $name via email, $email or via phone $phone";

    $msg = $body . $e_content . $e_reply;

    if(mail($address, $e_subject, $msg, "From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n"))
    {
        // Email has sent successfully, echo a success page.

         echo "<div id='succsess_page'>";
         echo "<h1>Enquiry Submitted.</h1>";
         echo "<p>Thank you <strong>$title $surname</strong>, your enquiry has been submitted to us.<br /><br /> A member of our Team will contact you within 48 hours.</p>";
         echo "</div>";
     } else echo "Error. Mail not sent";

    }
}

    if(!isset($_POST['contactus']) || $error != '') // Do not edit.
    {

?>

4

3 回答 3

0

On your form you need to check the values for those variables. For example:

<select name="title" class="selectfield" id="title" value="">
    <option value="">Please Select...</option>
    <option value="Mr" <?php if(isset($title) && $title == 'Mr') echo 'selected'; ?>>Mr</option>
    <option value="Mrs" <?php if(isset($title) && $title == 'Mrs') echo 'selected'; ?>>Mrs</option>
    <option value="Miss" <?php if(isset($title) && $title == 'Miss') echo 'selected'; ?>>Miss</option>
    <option value="Ms" <?php if(isset($title) && $title == 'Ms') echo 'selected'; ?>>Ms</option>
    <option value="Dr" <?php if(isset($title) && $title == 'Dr') echo 'selected'; ?>>Dr</option>
    <option value="Rev" <?php if(isset($title) && $title == 'Rev') echo 'selected'; ?>>Rev</option>
    <option value="Sir" <?php if(isset($title) && $title == 'Sir') echo 'selected'; ?>>Sir</option>
</select>

Or you could use JQuery to select the correct option if you wanted.

于 2012-12-03T16:42:44.883 回答
0

In your html for the select options, try something like this:

<option value="Mr." <? if($title == "Mr.") echo "selected"; ?>>Mr.</option>

This will automatically select the option if your $_POST value was "Mr."

于 2012-12-03T16:42:46.710 回答
0

如果在数组中定义选项值会更优雅:

$titles = array('Mr', 'Miss', 'Mrs');

在 HTML 中:

<select name="title" id="title">
    <?php foreach($titles as $title): ?>

    <option value="<?php echo $title; ?>" if(isset($_POST['title']) $_POST['title'] == $title) echo 'selected="selected"';><?php echo $title; ?></option>

    <?php endforeach; ?>
</select>

警告 1:您的代码易受 XSS 攻击,您不应将原始用户输入打印回页面,将其传递给htmlspecialchars().

警告 2:它也容易受到邮件头注入攻击。您应该验证$email您插入到标题中的内容,或者根本不将任何用户输入插入到标题中。

因此,我已从问题中删除了您的站点链接。我建议让您的页面离线,直到漏洞得到修复。

于 2012-12-03T16:46:27.903 回答