I found the following contact form script online and I'd like to know whether it is secure, and if not, how I can make it more secure. I just went back to the page where I think I got the code a long time ago, and I saw a commenter say:

"Client-side validation is only for the user's convenience; it does nothing to stop spam, hackers, or annoying web developers. All a hacker has to do is create their own HTML file without the JavaScript. A spam bot won't even use their form; it will just parse the ids and send raw packets. Always check the input on the server, and never trust the user."

I'm not sure what this means, but hopefully if someone sees a vulnerability in the code below, the comment will make more sense:
<?php
// The visitor's address is taken straight from the form and reused below as the From header.
$EmailFrom = trim(stripslashes($_POST['Email']));
$EmailTo   = "info@mysite.com";
$Subject   = "Customer Inquiry from MySite.com";
$Name      = trim(stripslashes($_POST['Name']));
$Tel       = trim(stripslashes($_POST['Tel']));
$Email     = trim(stripslashes($_POST['Email']));
$Message   = trim(stripslashes($_POST['Message']));

// validation
// $validationOK is never set to false anywhere, so this check never rejects a submission.
$validationOK = true;
if (!$validationOK) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mysite.com/contact-us-error.php\">";
    exit;
}

// prepare email body text (fields are inserted unchanged)
$Body  = "Name: " . $Name . "\n";
$Body .= "Tel: " . $Tel . "\n";
$Body .= "Email: " . $Email . "\n";
$Body .= "Message: " . $Message . "\n";

// send email; the unvalidated $EmailFrom becomes part of the additional headers
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success or error page
if ($success) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mysite.com/contact-us-success.php\">";
} else {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.mysite.com/contact-us-error.php\">";
}
?>
Thanks for looking.
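Here is what the commenter's "always check the input on the server" could look like for this script. This is an added example, not the asker's code or the original script: the field names and the mysite.com addresses come from the question, while the length limits, the telephone pattern and the use of Reply-To for the visitor's address are assumptions.

```php
<?php
// Added example (not the asker's script): server-side checks for the same four
// fields, so a request that skips the browser-side checks is still rejected.
// Assumes the form posts Name, Tel, Email and Message, and uses the site
// addresses from the question as placeholders.
function validateContact(array $post): array
{
    $errors = [];
    $clean  = [];
    // Each field must be present, trimmed and bounded in length.
    $limits = ['Name' => 100, 'Tel' => 40, 'Email' => 254, 'Message' => 5000];
    foreach ($limits as $field => $max) {
        $raw   = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        if ($value === '') {
            $errors[] = "$field is required";
        } elseif (strlen($value) > $max) {
            $errors[] = "$field is too long";
        }
        $clean[$field] = $value;
    }
    // Values that reach a mail header must not contain line breaks; a single
    // CR/LF would let one field append further headers to the message.
    foreach (['Name', 'Tel', 'Email'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[] = "$field contains line breaks";
        }
    }
    if ($clean['Email'] !== '' && filter_var($clean['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email is not a valid address';
    }
    if ($clean['Tel'] !== '' && !preg_match('/^\+?[0-9 ()-]{5,40}$/', $clean['Tel'])) {
        $errors[] = 'Tel contains unexpected characters';
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'fields' => $clean];
}

$result = validateContact($_POST);
if (!$result['ok']) {
    header('Location: http://www.mysite.com/contact-us-error.php', true, 303);
    exit;
}
$f = $result['fields'];
$body = "Name: {$f['Name']}\nTel: {$f['Tel']}\nEmail: {$f['Email']}\nMessage: {$f['Message']}\n";
// From stays a fixed site address; the visitor's address goes into Reply-To
// only after it passed the checks above.
$headers = "From: info@mysite.com\r\nReply-To: {$f['Email']}\r\n";
$success = mail('info@mysite.com', 'Customer Inquiry from MySite.com', $body, $headers);
$page = $success ? 'contact-us-success.php' : 'contact-us-error.php';
header("Location: http://www.mysite.com/$page", true, 303);
```

The rejection branch returns the same error page the original script used, so the behaviour a visitor sees does not change; only submissions that fail the server-side checks are dropped before mail() is ever called.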