I am looking to restrict and validate a form field for the 17-character motor vehicle VIN number so that it only accepts 17 characters. Is there a way to modify the enquiry.php code below to do this, because users keep bypassing the required field with fake VIN numbers? (enquiry.php: restrict a form field to a specific character limit)
<?php
// Only process the form if mysite.co.za appears in the HTTP_REFERER variable.
// strpos() returns 0 when the match is at the very start of the string, so the
// result must be compared with !== false; isset() avoids a notice when the
// header is absent (the client sends it and can omit or forge it).
if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'mysite.co.za') !== false)
{
    // only process the operation here
    require_once('recaptchalib.php');
    $privatekey = " "; // reCAPTCHA private key goes here
    $resp = recaptcha_check_answer($privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        header("Location: http://www.mysite.co.za/car-electronic-equipment-replacement-error.html");
        exit; // stop here; nothing below should run after the redirect
    } else {
        // Your code here to handle a successful verification
        function spamcheck($field) {
            // filter_var() sanitizes the e-mail address using FILTER_SANITIZE_EMAIL
            $field = filter_var($field, FILTER_SANITIZE_EMAIL);
            // filter_var() validates the e-mail address using FILTER_VALIDATE_EMAIL
            if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
                return TRUE;
            } else {
                return FALSE;
            }
        }
        $to = "[email protected]";
        $subject = "Key-Soft Enquiry Form";
        $name_field = $_POST['name'];
        $email_field = $_POST['email'];
        $number_field = $_POST['number'];
        $make_field = $_POST['make'];
        $model_field = $_POST['model'];
        $vin_field = $_POST['vin'];
        $location_field = $_POST['location'];
        $locked_field = $_POST['locked'];
        $lostKeys_field = $_POST['lostKeys'];
        $remoteKey_field = $_POST['remoteKey'];
        $info = $_POST['info'];
        // check if the email address is invalid (spamcheck() was defined but never called)
        if (!spamcheck($email_field)) {
            header("Location: http://www.mysite.co.za/car-electronic-equipment-replacement-error.html");
            exit;
        }
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        // .= rather than = so the MIME-Version and Content-type headers above are not discarded
        $headers .= "From: $name_field <$email_field>" . "\r\n" .
            'X-Mailer: PHP/' . phpversion();
        // One line per field; the original string mixed "\n" with literal line breaks
        // and used "\r" after the VIN line.
        $body = "From: $name_field\n" .
            "Email Address: $email_field\n" .
            "Phone Number: $number_field\n" .
            "Car Make: $make_field\n" .
            "Year Model: $model_field\n" .
            "Vin Number: $vin_field\n" .
            "Location of vehicle: $location_field\n" .
            "Is the car locked: $locked_field\n" .
            "Are all keys lost: $lostKeys_field\n" .
            "Are they remote keys: $remoteKey_field\n" .
            "Additional Info: $info";
        mail($to, $subject, $body, $headers);
        header("Location: http://www.mysite.co.za/vehicle-security-key-duplication-thank-you.html");
        exit;
    }
}
?>
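The server-side check the question asks for, as an added example (not part of the posted enquiry.php): it validates that the VIN is exactly 17 characters drawn from the ISO 3779 alphabet (digits and capital letters except I, O and Q), re-checks the other required fields because a client-side `required` attribute is trivially bypassed, and rejects line breaks in values that end up in mail headers, since a CR/LF in the name or e-mail field would let a submitter add their own headers to the outgoing message. The field names and the error-page URL are taken from the original script; the function names are assumptions.

```php
<?php
// Added example, not the original enquiry.php. Assumes a POST form with the
// same field names as the original script.

// Characters permitted in a VIN (ISO 3779): digits and capital letters except I, O and Q.
const VIN_PATTERN = '/^[A-HJ-NPR-Z0-9]{17}$/';

/**
 * Return TRUE when $vin is a well-formed 17-character VIN.
 * Surrounding whitespace is ignored and letters are upper-cased,
 * because users often type VINs in lower case or paste them with spaces.
 */
function is_valid_vin($vin)
{
    $vin = strtoupper(trim((string) $vin));
    return preg_match(VIN_PATTERN, $vin) === 1;
}

/**
 * Validate the enquiry form. Returns an array of error messages;
 * an empty array means every check passed.
 */
function validate_enquiry(array $post)
{
    $errors = array();

    // Required fields: the browser's "required" attribute is advisory only,
    // so the server repeats the check.
    foreach (array('name', 'email', 'number', 'make', 'model', 'vin', 'location') as $field) {
        if (!isset($post[$field]) || trim((string) $post[$field]) === '') {
            $errors[] = "The field '$field' is required.";
        }
    }

    if (isset($post['email']) && !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'The e-mail address is not valid.';
    }

    if (isset($post['vin']) && !is_valid_vin($post['vin'])) {
        $errors[] = 'The VIN must be exactly 17 characters (letters and digits, no I, O or Q).';
    }

    // Header-injection guard: name and e-mail are placed in the From: header,
    // and a CR or LF there would terminate the header and start a new one.
    foreach (array('name', 'email') as $field) {
        if (isset($post[$field]) && preg_match('/[\r\n]/', (string) $post[$field])) {
            $errors[] = "The field '$field' must not contain line breaks.";
        }
    }

    return $errors;
}

// Usage, placed after the reCAPTCHA check and before $_POST values are read:
$errors = validate_enquiry($_POST);
if ($errors !== array()) {
    // Same error page the original script redirects to on a failed captcha.
    header('Location: http://www.mysite.co.za/car-electronic-equipment-replacement-error.html');
    exit;
}
// ... build $body and call mail() as in the original script ...
```

Because `validate_enquiry()` returns the list of errors rather than redirecting itself, the same function can be reused to render the messages back into the form once the page has a proper error view; the redirect above only mirrors what the original script does.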
Why don't you validate the input in the user interface first?