2012-12-21 50 views
0

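I'm trying to write a PHP script that automatically sends an email with the form input, but when it is called on submit, it shows the error I put in for attempts to access the PHP directly. My PHP script is not processing correctly (PHP newbie)

Any help would be greatly appreciated, I'm very new to this.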

<form action="form-to-email.php" method="post" name="camper_registration" id="camper_registration"> 
    <label>Last Name*: </label> 
    <input name="lastname" type="text" id="lastname" required="required"/><br /> 
    <label>First Name*: </label> 
    <input name="firstname" type="text" id="firstname" required="required"/><br /> 
    <label>Middle Initial: </label> 
    <input type="text" name="initial" size=1 maxlength=1 /><br /><br /> 

    <label>Street Address*: </label> 
    <input name="streetaddress" type="text" id="streetaddress" required="required"/><br /> 
    <label>Address Line 2: </label><input type="text" name="addressline2" /><br /> 
    <label>City*: </label> 
    <input name="city" type="text" id="city" required="required"/><br /> 
    <label>State/Province/Region*: </label> 
    <input name="state" type="text" id="state" required="required"/><br /> 
    <label>Zipcode*: </label> 
    <INPUT NAME="zip" type="tel" SIZE=5 MAXLENGTH=5 onKeyPress="return numbersonly(this, event)" required="required"><br /><br /> 
    <label>Youth's Email*: </label> 
    <input type="email" name="email" required="required"/><br /><br /> 
    <label>Date of Birth*: </label> 
    <INPUT NAME="month" type="tel" SIZE=2 MAXLENGTH=2 onKeyPress="return numbersonly(this, event)" required="required">/ 
    <INPUT NAME="day" type="tel" SIZE=2 MAXLENGTH=2 onKeyPress="return numbersonly(this, event)" required="required">/ 
    <INPUT NAME="year" type="tel" SIZE=4 MAXLENGTH=4 onKeyPress="return numbersonly(this, event)" required="required"> 

    <SCRIPT TYPE="text/javascript"> 
     autojump("month", "day", 2); autojump("day", "year", 2); 
    </SCRIPT> 
    <br /><br /> 
    <label>Grade completed in<br /> Spring 2013*: </label> 
    <input type="tel" name="grade" size=2 maxlength=2 required="required"/><br /><br /> 
    <label>Gender*:</label> 
    <input type="radio" name="gender" value="Male" required="required"> Male 
    <input type="radio" name="gender" value="Female" required="required"> Female <br /> <br /> 
    <label>Parent/Guardian(s)*: </label> 
    <input name="guardian" type="text" id="guardian" required="required"/> <br /><br /> 
    <label>Parent Phone*: </label> 
    (<INPUT NAME="areacode" type="tel" SIZE=3 MAXLENGTH=3 onKeyPress="return numbersonly(this, event)" required="required">) 
    <INPUT NAME="cellphone" type="tel" SIZE=7 MAXLENGTH=7 onKeyPress="return numbersonly(this, event)" required="required"><br /><br /> 

    <SCRIPT TYPE="text/javascript"> 
     <!-- 
     autojump("areacode", "cellphone", 3); 
     //--> 
    </SCRIPT> 

    <label>1st Emergency Contact*: </label> 
    <input name="emergency_contact_1" type="text" id="emergency_contact_1" required="required"/><br /><br /> 
    <label>Contact Number*: </label> 
    (<INPUT NAME="emergency_contact_1_areacode" type="tel" SIZE=3 MAXLENGTH=3 onKeyPress="return numbersonly(this, event)" required="required">) 
    <INPUT NAME="emergency_contact_1_phone" type="tel" SIZE=7 MAXLENGTH=7 onKeyPress="return numbersonly(this, event)" required="required"><br /><br /> 

    <SCRIPT TYPE="text/javascript"> 
     <!-- 
     autojump("emergency_contact_1_areacode", "emergency_contact_1_phone", 3); 
     //--> 
    </SCRIPT> 

    <label>2nd Emergency Contact*: </label> 
    <input name="emergency_contact_2" type="text" id="emergency_contact_2" required="required"/><br /><br /> 
    <label>Contact Number*: </label> 
    (<INPUT NAME="emergency_contact_2_areacode" type="tel" SIZE=3 MAXLENGTH=3 onKeyPress="return numbersonly(this, event)" required="required">) 
    <INPUT NAME="emergency_contact_2_phone" type="tel" SIZE=7 MAXLENGTH=7 onKeyPress="return numbersonly(this, event)" required="required"><br /><br /> 

    <SCRIPT TYPE="text/javascript"> 
     <!-- 
     autojump("emergency_contact_2_areacode", "emergency_contact_2_phone", 3); 
     //--> 
    </SCRIPT> 

    <label>Name of Home Church: </label> 
    <input type="text" name="home_church" /><br /><br /> 
    <label>Phone Number: </label> 
    (<INPUT NAME="church_areacode" type="tel" SIZE=3 MAXLENGTH=3 onKeyPress="return numbersonly(this, event)">) 
    <INPUT NAME="church_phone" type="tel" SIZE=7 MAXLENGTH=7 onKeyPress="return numbersonly(this, event)"><br /> 

    <SCRIPT TYPE="text/javascript"> 
     autojump("church_areacode", "church_phone", 3); 
    </SCRIPT> 

    <label>Contact Person: </label> 
    <input type="text" name="contact_person" /><br /><br /> 

    <b>Special Needs</b><br /> Some campers may have needs that might require special attention from our staff; accessibility, health concerns, diet, allergies, etc. <br /><br /> 
    <label>Please list any special needs: </label> 
    <textarea rows="10" cols="20" name="special_needs"> </textarea> <br /><br /> 
    <label>T-Shirt Size*: </label> 
    <input type="radio" name="shirt_size" value="Small" required="required"> Small 
    <input type="radio" name="shirt_size" value="Medium" required="required"> Medium 
    <input type="radio" name="shirt_size" value="Large" required="required"> Large 
    <input type="radio" name="shirt_size" value="XL" required="required"> XL 
    <input type="radio" name="shirt_size" value="2XL" required="required"> 2XL<br /><br /> 

    <b>Roommate</b><br /> There are double and many single occupancy dorm rooms at Grinnell college campus - if possible we will honor your request for ONE preferred roommate.<br /><br /> 
    <label>Roommate Preference: </label> 
    <input type="text" name="roommate" /><br /><br /> 

    <div id="satellites"> 
     <b>Satellite Choices</b><br /> List your first, second, and third choices. You will be given your first choice if it is not full. ALL events have limited capacity. If you do not choose a satellite, one will be assigned for you. (<a href="satellites.htm" target="_blank">Satellite Choices</a>)<br /> 
     <label>First Choice*: </label> 
     <input name="firstchoice" type="text" id="firstchoice" required="required"/><br /> 
     <label>Second Choice*: </label> 
     <input name="secondchoice" type="text" id="secondchoice" required="required"/><br /> 
     <label>Third Choice*: </label> 
     <input name="thirdchoice" type="text" id="thirdchoice" required="required"/><br /><br /> 
    </div> 

    <p> 
     <b> Remember! </b><br />Please fill out and bring the <a href="Camper_Health_History_and_Authorization_Form_2013.pdf">Health Form</a> <i>with you to camp</i>.<br /><br /> 
     <b>Cost of SGU Camp July 8 - 12, 2013 $275 <br /></b> A $50 <i> non-refundable</i> fee is required to be registered. <br /> Due to the limited capacity of 400 campers, please note full payment is due by June 25th to ensure you have completed the registration process. 
    </p><br /> 

    <input type="submit" value="Submit"> 
</form> 

Here is the PHP

<?php 
if(!isset($_POST['submit'])){ 
    //This page should not be accessed directly. Need to submit the form. 
    echo "error; you need to submit the form!"; 
    die; 
} 

$page = "camper.htm"; 
if (!ereg($page, $_SERVER['HTTP_REFERER'])){ 
    echo "Invalid referer"; 
    die; 
} 

$firstname = $_POST['firstname']; 
$lastname = $_POST['lastname']; 
$initial = $_POST['initial']; 
$streetaddress = $_POST['streetaddress']; 
$addressline2 = $_POST['addressline2']; 
$city = $_POST['city']; 
$state = $_POST['state']; 
$zip = $_POST['zip']; 
$email = $_POST['email']; 
$month = $_POST['month']; 
$day = $_POST['day']; 
$year = $_POST['year']; 
$grade = $_POST['grade']; 
$gender = $_POST['gender']; 
$guardian = $_POST['guardian']; 
$areacode = $_POST['areacode']; 
$cellphone = $_POST['cellphone']; 
$contact1 = $_POST['emergency_contact_1']; 
$contact1areacode = $_POST['emergency_contact_1_areacode']; 
$contact1phone = $_POST['emergency_contact_1_phone']; 
$contact2 = $_POST['emergency_contact_2']; 
$contact2areacode = $_POST['emergency_contact_2_areacode']; 
$contact2phone = $_POST['emergency_contact_2_phone']; 
$homechurch = $_POST['home_church']; 
$churchareacode = $_POST['church_areacode']; 
$churchphone = $_POST['church_phone']; 
$contactperson = $_POST['contact_person']; 
$specialneeds = $_POST['special_needs']; 
$shirtsize = $_POST['shirt_size']; 
$roommate = $_POST['roommate']; 
$firstchoice = $_POST['firstchoice']; 
$secondchoice = $_POST['secondchoice']; 
$thirdchoice = $_POST['thirdchoice']; 


//Validate first 
if(IsInjected($email)){ 
    echo "Bad email address!"; 
    exit; 
} 

/* 
Simple form validation 
check to see if an email and message were entered */ 
if ($_POST['firstname'] == "" || $_POST['lastname'] == "" || $_POST['streetaddress'] == "" || $_POST['city'] == "" || $_POST['state'] == "" || $_POST['zip'] == "" || $_POST['email'] == "" || $_POST['month'] == "" || $_POST['day'] == "" || $_POST['year'] == "" || $_POST['grade'] == "" || $_POST['gender'] == "" || $_POST['guardian'] == "" || $_POST['areacode'] == "" || $_POST['cellphone'] == "" || $_POST['emergency_contact_1'] == "" || $_POST['emergency_contact_1_areacode'] == "" || $_POST['emergency_contact_1_phone'] == "" || $_POST['emergency_contact_2'] == "" || $_POST['emergency_contact_2_areacode'] == "" || $_POST['emergency_contact_2_phone'] == "" || $_POST['shirt_size'] == "" || $_POST['firstchoice'] == "" || $_POST['secondchoice'] == "" || $_POST['thirdchoice'] == "") { 
    echo "Please fill in all required boxes."; 
} 
else { 
    $email_from = '[email protected]';//<== update the email address 
    $email_subject = "New Registration"; 
    $email_body = "You have received a new registration.\n". 
     "Camper: $firstname $initial $lastname \n". 
     "Address: $streetaddress \n". 
     "$addressline2 \n". 
     "$city, $state $zip \n". 
     "Email: $email \n". 
     "Date of Birth: $month/$day/$year \n". 
     "Grade Completed: $grade \n". 
     "Gender: $gender \n". 
     "Guardian: $guardian \n". 
     "Guardian Cell Phone: ($areacode) $cellphone \n". 
     "First Emergency Contact: $contact1 Contact Number: ($contact1areacode) $contact1phone \n". 
     "Second Emergency Contact: $contact2 Contact Number: ($contact2areacode) $contact2phone \n". 
     "Home Church: $homechurch Contact Number: ($churchareacode) $churchphone Contact Person: $contactperson \n". 
     "Special Needs: $specialneeds \n". 
     "T-Shirt Size: $shirtsize \n". 
     "Roommate Preference: $roommate \n". 
     "Satellite Preferences: 1.$firstchoice 2.$secondchoice 3.$thirdchoice \n". 
     " \n"; 

    $to = "[email protected]";//<== update the email address 
    $headers = "From: $email_from \r\n"; //Send the email! 
    mail($to,$email_subject,$email_body,$headers); 
    //done. redirect to thank-you page. 
    header('Location: thanks2.htm'); 
    exit; 
} 

// Function to validate against any email injection attempts. 
// Declared at top level: a function declared inside the else block does not 
// exist yet when IsInjected() is called near the top of the script. 
function IsInjected($str) { 
    $injections = array('(\n+)', 
     '(\r+)', 
     '(\t+)', 
     '(%0A+)', 
     '(%0D+)', 
     '(%08+)', 
     '(%09+)' 
    ); 
    $inject = join('|', $injections); 
    $inject = "/$inject/i"; 
    return (bool) preg_match($inject, $str); 
} 
?> 
+2

Show the form's HTML code –

+2

Please post the form you are submitting. Does it have a submit button named 'submit'? –

+3

Avoid using the 'ereg()' function - it is deprecated. Use 'preg_match()' instead. – SDC

Answers

0

You need a better way to detect that the form has been posted..

if($_SERVER['REQUEST_METHOD'] !== 'POST') 
{ 
    //do error here 
} 

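This will return POST when the form is submitted. You need to validate further that it was your form, but the only feasible way to do that is with a form key.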
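
The form key mentioned above, as an added example that is not part of the original answer: a random per-session key is placed in a hidden field and compared when the POST arrives. The field name `form_key`, the two helper names, and serving the form from the same PHP script (the camper.htm on this page is static HTML) are assumptions.

```php
<?php
// Added example: form-key check for a form-to-email script.
// "form_key" and the two helper names are assumptions, not from the page.
session_start();

// Create the key once per session and return it for the hidden field.
function form_key_issue(): string
{
    if (empty($_SESSION['form_key'])) {
        $_SESSION['form_key'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_key'];
}

// True only when the posted key matches the one stored in the session.
function form_key_valid(array $post): bool
{
    $expected = $_SESSION['form_key'] ?? '';
    $given    = $post['form_key'] ?? '';
    return is_string($given) && $expected !== ''
        && hash_equals($expected, $given);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!form_key_valid($_POST)) {
        http_response_code(400);
        exit('Invalid or missing form key');
    }
    unset($_SESSION['form_key']);   // single use: a replayed POST is refused
    // ... validate the fields and call mail() here ...
    exit('Form accepted');
}
?>
<!-- No action attribute: the form posts back to this same script. -->
<form method="post">
    <input type="hidden" name="form_key"
           value="<?php echo htmlspecialchars(form_key_issue(), ENT_QUOTES); ?>">
    <!-- the page's other fields go here -->
    <input type="submit" name="submit" value="Submit">
</form>
```

Unlike the HTTP_REFERER test in the question, the key is checked against server-side session state, so it does not depend on a header the client chooses to send.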

2

You have to make sure your submit button has a name attribute with the value submit. Otherwise $_POST['submit'] will never be set.

<input type="submit" name="submit" value="Submit Form"> 
0

This is my standard teaching example. You might want to get rid of the ereg() function!

<?php // RAY_form_to_email.php 
error_reporting(E_ALL); 


// SEND MAIL FROM A FORM 


// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK 
$from = "[email protected]"; 
$subj = "Contact Form"; 

// THIS IS AN ARRAY OF RECIPIENTS - CHANGE THESE FOR YOUR WORK 
$to[] = "[email protected]"; 
$to[] = "[email protected]"; 
$to[] = "[email protected]"; 


// IF THE DATA HAS BEEN POSTED 
if (!empty($_POST['email'])) 
{ 
    // DISABLED ON THE SERVER SIDE 
    var_dump($_POST); 
    die(' DISABLED'); 

    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA 
    $email  = clean_string($_POST["email"]); 
    $name  = clean_string($_POST["name"]); 
    $telephone = clean_string($_POST["telephone"]); 

    // CONSTRUCT THE MESSAGE THROUGH STRING CONCATENATION 
    $content = NULL; 
    $content .= "You have a New Query From $name" . PHP_EOL . PHP_EOL; 
    $content .= "Tel No: $telephone" . PHP_EOL; 
    $content .= "Email: $email" . PHP_EOL; 

    // SEND MAIL TO EACH RECIPIENT 
    foreach ($to as $recipient) 
    { 
     if (!mail($recipient, $subj, $content, "From: $from\r\n")) 
     { 
      echo "MAIL FAILED FOR $recipient"; 
     } 
     else 
     { 
      echo "MAIL WORKED FOR $recipient"; 
     } 
    } 

    // PRODUCE THE THANK-YOU PAGE 
    echo '<p>THANK YOU</p>' . PHP_EOL; 
} 


// A FORM TO TAKE CLIENT INPUT FOR THIS SCRIPT 
$form = <<<ENDFORM 
<form method="post"> 
Please enter your contact information 
<br/>Email: <input name="email" /> 
<br/>Phone: <input name="telephone" /> 
<br/>Name: <input name="name" /> 
<br/><input type="submit" /> 
</form> 
ENDFORM; 

echo $form;
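
An added example (not the answerer's code) of cleaning posted fields before they reach mail(): `clean_string()` is called but not defined in the listing above, so the body here is a hypothetical one. `header_safe_email()`, the example.org addresses and the sample inputs are constructed for illustration.

```php
<?php
// Added example. clean_string() is called but not defined in the listing
// above; this body and header_safe_email() are assumptions.

// Single-line field: turn control characters (CR, LF, tab, ...) into spaces.
function clean_string($value, int $maxLen = 200): string
{
    $value = is_string($value) ? $value : '';
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    return substr(trim((string) $value), 0, $maxLen);
}

// Return the address if it may be placed in a mail header, otherwise null.
function header_safe_email($value): ?string
{
    // Refuse line breaks, raw or URL-encoded, before any other check.
    if (!is_string($value) || preg_match('/[\r\n]|%0[ad]/i', $value)) {
        return null;
    }
    $email = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample submissions (not real data).
$samples = [
    'camper@example.org',
    "camper@example.org\r\nBcc: list@example.net",
    'camper@example.org%0ABcc:list@example.net',
    'not-an-address',
];
foreach ($samples as $s) {
    $ok = header_safe_email($s);
    printf("%-50s %s\n", json_encode($s), $ok === null ? 'rejected' : 'accepted');
}

// Body text may carry cleaned user input; headers only get validated values.
$name    = clean_string("Pat\r\nSmith");
$replyTo = header_safe_email($samples[0]);
$headers = "From: registration@example.org\r\n";
if ($replyTo !== null) {
    $headers .= "Reply-To: $replyTo\r\n";
}
echo "Name: $name\n$headers";
```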

0

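'HTTP_REFERER': The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.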

http://php.net/manual/en/reserved.variables.server.php

Echo the HTTP_REFERER variable to see if there is anything there. Maybe use the php_header function to check the URL.