php - 我的 PHP 表单提交但未验证电子邮件地址

Question

我是一个热心的 PHP 新手，所以请原谅我在学习过程中的错误。基本上，我正在为我的网站构建一个简单的联系表格，并成功地让表格发送用户的名字和姓氏、主题、电子邮件地址和消息。我正在使用第二个文件“form_process.php”来处理来自“index.php”的表单数据。

问题是电子邮件地址似乎没有经过验证，并且会发送输入的任何单词。如果有更多经验丰富的眼睛可以看看并帮助我解决这个问题，我将不胜感激。先感谢您。

迈克尔。

HTML：

    <div id="form">
  <form action="form_process.php" method="post" enctype="multipart/form-data">
    <p>
      <input type="text" maxlength="100" size="50" name="fName" value="<?php echo $stored_fName;?>" placeholder="First Name" />
    </p>
    <p>
      <input type="text" maxlength="100" size="50" name="lName" value="<?php echo $stored_lName;?>" placeholder="Last Name" />
    </p>
    <p>
      <input type="text" maxlength="80" size="50" name="email" value="<?php echo $stored_email;?>" placeholder="Email Address" />
    </p>
    <p>
      <input type="text" maxlength="100" size="50" name="subject" value="<?php echo $stored_subject;?>" placeholder="Subject" />
    </p>
    <p>
      <textarea name="message" rows="6" cols="38" placeholder="Message"></textarea>
    </p>
    <br />
    <input type="submit" value="Submit" name="submit" />
    <input type="reset" value="Clear" name="clear">
  </form>
</div>
<!-- form ends -->

PHP：“form_process.php”

    <?php
session_start();

// Report all PHP errors
error_reporting(E_ALL);

//use $_POST to to store data from submitted form into these variables
$fName =  check_input($_POST['fName']);
$lName =  check_input($_POST['lName']);
$sender =  check_input($_POST['email']);
$subject =  check_input($_POST['subject']);
$message =  check_input($_POST['message']);


//check_input function to strip unnessessary characters and sanitize user data
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$name = $fName ." ". $lName;//concatenating first and last names to new name variable

$sanitizedEmail = filter_var($sender, FILTER_SANITIZE_EMAIL);

//generates error messages on index.php if form fields left blank
if ($fName == ''){
    header("Location:index.php?message=1");
    exit();
}
if ($lName == ''){
    header("Location:index.php?message=2");
    exit();
}
if ($sender == ''){
    header("Location:index.php?message=3");
    exit();
}
if ($subject == ''){
    header("Location:index.php?message=4");
    exit();
}
if ($message == ''){
    header("Location:index.php?message=5");
    exit();
}

//headers
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= $name . "\r\n";
$headers .= "From:" . " " . $sanitizedEmail . "\r\n";

//mail function
$to = "me@myemail.com";
$subject = $subject;
$message = $message;

//send message
$send_message = mail($to,$subject,$message,$headers);

if($send_message){
    header("Location:index.php?message=6");
}else {
    header("Location:index.php?message=9");
    exit();
}

?>

“index.php”错误信息：

    <?php

//all fields empty until user inputs data for session to store 
$stored_fName = '';//init as NULL
$stored_lName = '';//init as NULL
$stored_email = '';//init as NULL
$stored_subject = '';//init as NULL
$stored_message = '';//init as NULL

//session data used to repopulate form fields if any info is missing or incorrect
if (isset($_SESSION['fName'])){
    $stored_fName = $_SESSION['fName'];
}
if (isset($_SESSION['lName'])){
    $stored_lName = $_SESSION['lName'];
}
if (isset($_SESSION['email'])){
    $stored_email = $_SESSION['email'];
}
if (isset($_SESSION['subject'])){
    $stored_subject = $_SESSION['subject'];
}
if (isset($_SESSION['message'])){
    $stored_message = $_SESSION['message'];
}


//error messages displayed to user if text fields have been left blank
$_GET['message'];

if ($_GET['message'] == 1) {//first name
    echo "<strong>Please type your first name.</strong>";
}
if ($_GET['message'] == 2) {//last name
    echo "<strong>Please type your last name.</strong>";
}
if ($_GET['message'] == 3){//email address
    echo "<strong>Please type an email address.</strong>";
}
if ($_GET['message'] == 4){//subject
    echo "<strong>Please type a subject.</strong>";
}
if ($_GET['message'] == 5){//message text
    echo "<strong>Please type your message.</strong>";
}
if ($_GET['message'] == 6){//message success from form_process.php
    echo "<strong>Your message was sent successfully.  Thank you.</strong>";
}
if ($_GET['message'] == 9){
    echo "<strong>I'm sorry but your message was not sent.  Please try again, thank you.</strong>";
}
?>

score 1 · Accepted Answer

你应该像这样使用它：

if(filter_var($email, FILTER_VALIDATE_EMAIL)){ 
    // is email
    $sender = $email; 
}else{ 
    // isn't email
    $sender = '';    
}

阅读更多关于PHP Validate Filters

php - 我的 PHP 表单提交但未验证电子邮件地址

1 回答 1

Related

Reference