您好!我只是想知道我剛剛創建的這個contactform腳本有多安全?很久以前,我的老師在made contact我的聯繫人時很嘮叨我。確保聯繫表格腳本
if($_SERVER['REQUEST_METHOD'] === 'POST'){
$myemail = "[email protected]";
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$subject = $_POST['subject'];
$comments = $_POST['comments'];
if($name == 0 || !preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) || !preg_match("/^\d{2}(-\d{3}){2}(\d{2})?$/", $phone) || $subject == 0 || $comments == 0){
$error_message = 'Something was written wrong..';
} else {
$message = "Hello!
Your contact form has been submitted by:
Name: $name
E-mail: $email
Phone: $phone
Comments: $comments
End of message";
mail($myemail, $subject, $message);
$error_message = 'Your message was sent!';
}
}
有關如何使其安全的任何建議?
P.S. Securing a Contact Form和Securing a php contact form都適用於WordPress,這不是我所要做的。
您可能想要在http://codereview.stackexchange.com/ – j08691
上發佈此信息似乎很容易受到郵件注入攻擊,這意味着通過注入自定義標頭和自定義正文通過服務器發送(垃圾郵件)郵件。可以通過\ r和\ n關閉主題以及將其他所有未過濾到郵件標題中的內容進行修復。 –
也許老師指的是人類/機器人跳棋,如[recaptcha](http://www.google.com/recaptcha)。 – Matt