php - php联系表单验证（无效的电子邮件仍在发送）

Question

所以我正在整理一个表格，并建议我验证表格。我找到了一个教程，但似乎仍然无法让 php 正常运行。

表单的 html：

<div id="FGSform"> 
<form action="/working/wp-content/themes/NEW/mail.php" method="post" name="contactFGS"          id="contactFGS">
<ul>
<li>
    <label for="first-name">First Name</label>
<br>
    <input type="text" id="firstname" name="firstname" required aria-required="true">
</li>
<br>
<li>
    <label for="last-name">Last Name</label><br>
    <input type="text" id="lastname" name="lastname" required aria-required="true">
</li>
<br>
<li>
    <label for="email">Email</label>
<br>
    <input type="email" id="email" name="email" required aria-required="true">
</li>
<br>
<li>
  <label for="contact-reason" id="reason" name="reason">Reason for Contact</label>
      <select id="reason" name="reason" required>
      <option value="."></option>
      <option value="Print Services">Print Services</option>
      <option value="Design Services">Design Services</option>
      <option value="Employment">Employment</option>
      <option value="Questions">Questions</option>
      <option value="Other">Other</option>     
      </select> 
</li>
<br>
<li>
  <label for="comments">Comments</label>
<br>
    <textarea name="contactcomments" id="contactcomments" cols="40" rows="10" required></textarea>
</li> 
<br>
<li>
    <input type="radio" id="newsletter" name="newsletter">
    <label for="signmeup">Sign me up for newsletter, updates and other information about FGS</label>  
</li>
<br>
<li>
<input type="submit" value="Send" name="submit">
</li>

这是php：

<?php
/*Validate and Sanitaize */

    if (isset($_POST['submit'])){

}

if ($_POST['firstname'] != "") {
    $_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    if ($_POST['firstname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your name.</br>';
}   

if ($_POST['lastname'] != "") {
    $_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    if ($_POST['lastname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your last name.</br>';
}

if ($_POST['emial'] != "") {
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALITDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
} else {
    $errors .= 'Please enter your email address.<br/>';
}

if (isset($_REQUEST['reason']) && $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';
}

if ($_POST['contactcomments'] != "") {  
    $_POST['contactcomments'] = filter_var($_POST['contactcomments'], FILTER_SANITIZE_STRING);
    if ($_POST['contactcomments'] == "") {
        $errors .='Please enter a message to send.<br/>';
    }
} else {
    $errors .='Please enter a message to send.<br/>';
}





 /* Email Variables */
 $emailSubject = 'Website Mail!'; 
$webMaster = 'email@here.com';



 /* Data Variables */
 $firstname = $_POST['firstname'];
 $lastname = $_POST['lastname'];
$email = $_POST['email'];
$reason = $_POST['reason'];
$contactcomments = $_POST['contactcomments'];
$newsletter = $_POST['newsletter'];





$body = <<<EOD
<br><hr><br>
Name: $firstname <br>
Last Name: $lastname <br>
Email: $email <br>
Reason: $reason <br>
Comments: $contactcomments <br>
Newsletter = $newsletter <br>
EOD;
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body,
$headers);


/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
 <meta http-equiv="refresh" content="3;URL=http://mywebsite.com/working/?       page_id=8">
<style type="text/css">
<!--
body {
background-color: #fff; 
font-family: Arial, Helvetica, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
color: #555555;
text-decoration: none;
padding-top: 200px;
margin-left: 150px;
width: 800px;
}
-->
</style>
</head>
<div align="center">Thank you! We will contact you back as soon as posible.</div>
</div>
</body>
</html>
EOD;
echo "$theResults";
?>

我遇到的问题是一个人可以提交无效的电子邮件，他们也可以选择无效的选择项。

我将表单的操作连接到 php 文件，但我不确定是否需要让每个表单元素调用 php 文件的特定 if/then 语句。

我是 php 新手，所以这已被证明是一个真正的挑战。

感谢任何提供帮助的人。

score 1 · Accepted Answer

1

它应该是 FILTER_VALIDATE_EMAIL 而不是 FILTER_VALITDATE_EMAIL

于 2013-08-21T18:49:27.070 回答

score 0 · Accepted Answer

除了其他拼写错误和逻辑错误（请参阅 Fred -ii- 的答案和评论），您似乎发现了错误，但不要对此采取任何措施。

目前，在伪代码中：

Check for errors.
If there are any errors, add them to a message.

Regardless of the possible errors, send the email.

它应该是这样的：

Check for errors.
If there are any errors, add them to a message.

Check to see if there is any error message(s)
If yes, complain loudly and exit
Otherwise, send the email.

发现错误只是成功的一半！然后，如果可以，则需要更正它们，如果不能，则需要以其他方式处理它们！

score 0 · Accepted Answer

你有几个选择。

value="."在您的表格中取出<option value="."></option>

然后改变这个if (isset($_REQUEST['reason']) && $_REQUEST['reason'] =='.') {

至

if (!isset($_REQUEST['reason'])) {并且该选项将起作用（经过测试）

一定要做出改变if ($_POST['emial'] != "") {

至if ($_POST['email'] != "") {

连同Dimitri Mostrey's答案。

你也可以尝试你已经拥有的，但exit;像这样在最后包含并添加!你的if isset：

请注意添加的`!`内容不在您的处理程序中并且需要它。

否则，使用if (isset，您是在告诉“是否已设置”它不是。

if (!isset($_REQUEST['reason']) || $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';

exit;

电子邮件验证

下if (isset($_POST['submit'])){

添加$email = $_POST['email'];

然后改变：

if ($_POST['email'] != "") {


    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
}

至

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";

exit;

  }

这是一个完整的重写：

注意：最好将变量放在顶部，而不是再往下。

我$email = $_POST['email']; 在下面添加if (isset($_POST['submit'])){

<?php
/*Validate and Sanitize */

    if (isset($_POST['submit'])){

    $email = $_POST['email'];

}

$error = ""; // added by me

if ($_POST['firstname'] != "") {
    $_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    if ($_POST['firstname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your name.</br>';
}   

if ($_POST['lastname'] != "") {
    $_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    if ($_POST['lastname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your last name.</br>';
}


/*
if ($_POST['email'] != "") {


    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
}
*/

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";

exit;

  }

else {
    $errors .= 'Please enter your email address.<br/>';
}

if (!isset($_REQUEST['reason']) || $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';

exit;
}

if ($_POST['contactcomments'] != "") {  
    $_POST['contactcomments'] = filter_var($_POST['contactcomments'], FILTER_SANITIZE_STRING);
    if ($_POST['contactcomments'] == "") {
        $errors .='Please enter a message to send.<br/>';
    }
} else {
    $errors .='Please enter a message to send.<br/>';
}


 /* Email Variables */
 $emailSubject = 'Website Mail!'; 
$webMaster = 'kmurray@frgraphicsolutions.com';


 /* Data Variables */
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$reason = $_POST['reason'];
$contactcomments = $_POST['contactcomments'];
$newsletter = $_POST['newsletter'];


$body = <<<EOD
<br><hr><br>
Name: $firstname <br>
Last Name: $lastname <br>
Email: $email <br>
Reason: $reason <br>
Comments: $contactcomments <br>
Newsletter = $newsletter <br>
EOD;
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
<meta http-equiv="refresh" content="3;URL=http://frgraphicsolutions.com/working/?page_id=8">

<style type="text/css">
<!--
body {
background-color: #fff; 
font-family: Arial, Helvetica, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
color: #555555;
text-decoration: none;
padding-top: 200px;
margin-left: 150px;
width: 800px;
}
-->
</style>
</head>
<div align="center">Thank you! We will contact you back as soon as possible.</div>
</div>
</body>
</html>
EOD;
echo "$theResults";
?>

php - php联系表单验证（无效的电子邮件仍在发送）

3 回答 3

你有几个选择。

请注意添加的!内容不在您的处理程序中并且需要它。

电子邮件验证

这是一个完整的重写：

注意：最好将变量放在顶部，而不是再往下。

Related

Reference

请注意添加的`!`内容不在您的处理程序中并且需要它。