2016-05-26 100 views

enquiry.php: limit a form field to a specific character count

I would like to restrict the vehicle VIN number field on the enquiry form to 17 characters, and only 17 characters. Is there a way to modify the following enquiry.php code to enforce this, because users keep bypassing the required fields with fake VIN numbers:

<?php
// Only process the form if mysite.co.za appears in the HTTP_REFERER header.
// Note: the Referer header is sent by the client and can be omitted or forged,
// so this is a convenience check, not a security control.
if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'mysite.co.za') !== false)
{
    // Verify the reCAPTCHA answer before doing anything else
    require_once('recaptchalib.php');
    $privatekey = " ";
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        header("Location: http://www.mysite.co.za/car-electronic-equipment-replacement-error.html");
    } else {
        // Your code here to handle a successful verification

        // Defined here but never called below: returns TRUE when $field is a valid e-mail address
        function spamcheck($field) {
            // filter_var() sanitizes the e-mail address using FILTER_SANITIZE_EMAIL
            $field = filter_var($field, FILTER_SANITIZE_EMAIL);

            // filter_var() validates the e-mail address using FILTER_VALIDATE_EMAIL
            if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
                return TRUE;
            } else {
                return FALSE;
            }
        }

        // Collect the posted form fields (none of them are validated at this point)
        $to = "[email protected]";
        $subject = "Key-Soft Enquiry Form";
        $name_field = $_POST['name'];
        $email_field = $_POST['email'];
        $number_field = $_POST['number'];
        $make_field = $_POST['make'];
        $model_field = $_POST['model'];
        $vin_field = $_POST['vin'];
        $location_field = $_POST['location'];
        $locked_field = $_POST['locked'];
        $lostKeys_field = $_POST['lostKeys'];
        $remoteKey_field = $_POST['remoteKey'];
        $info = $_POST['info'];

        // Build the mail headers. The original used "$headers =" on the From line,
        // which silently discarded the MIME-Version and Content-type headers above it.
        // $name_field and $email_field go straight into a mail header here; validate
        // them first (e.g. $email_field with spamcheck()) so a user cannot inject extra headers.
        $headers  = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        $headers .= "From: $name_field <$email_field>" . "\r\n" .
                    'X-Mailer: PHP/' . phpversion();

        $body = "From: $name_field\n
        Email Address: $email_field\n
        Phone Number: $number_field\n
        Car Make: $make_field\n
        Year Model: $model_field\n
        Vin Number: $vin_field\n
        Location of vehicle: $location_field\n
        Is the car locked: $locked_field\n
        Are all keys lost: $lostKeys_field\n
        Are they remote keys: $remoteKey_field\n
        Additional Info: $info";

        header("Location: http://www.mysite.co.za/vehicle-security-key-duplication-thank-you.html");
        mail($to, $subject, $body, $headers);
    }
}
?>
Why don't you validate the input in the user interface first? –

Answers


You can validate the form input before it is submitted (in JavaScript, for example), but you should definitely control your data in PHP before processing it.

According to the official VIN format, you can use a regular expression to check whether the submitted value is valid:

$vin_field = (string) $_POST['vin']; 

if (!preg_match('/^(?:([A-HJ-NPR-Z]){3}|\d{3})(?1){2}\d{2}(?:(?1)|\d)(?:\d|X)(?:(?1)+\d+|\d+(?1)+)\d{6}$/', $vin_field)) { 
    // the value is not correct, you should not save here 
    // consider redirecting the user to the form page with an error 
} 

There is a Stack Overflow question about validating the VIN format with a regular expression.

For JavaScript form field validation there are many approaches on the Internet.

There is also a Stack Overflow question about it.


You can check the length of a string with the int strlen(string $string) function, so in your case you can check your variable like this:

if (strlen($vin_field) != 17) {
    // do something, e.g. redirect back to the form with an error
}

However, I think the first step is to validate your form input variables, for example with the HTML maxlength attribute:

<input type="text" name="vin" maxlength="17" id="vin"> 

Then also validate with JavaScript, like this:

<script>
function validate() {
    var submitFlag = true;
    // Block submission unless the VIN field holds exactly 17 characters
    if (document.yourForm.vin.value.length != 17) {
        submitFlag = false;
        alert("invalid length - 17 characters needed!");
    }
    return submitFlag;
}
</script>

and include this in your form tag:

onsubmit="return validate()" 
The maxlength attribute does not stop the user from entering nothing, or a shorter string – jiboulex

That's why you should also validate with JavaScript and PHP; maxlength just restricts the user a little. –

Thanks a lot guys, really appreciate the help. – DylanG
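Pulling the two answers together, here is a server-side validator for enquiry.php that enforces the 17-character length and the VIN alphabet (digits and letters without I, O or Q) and, going beyond what the answers show, can also verify the position-9 check digit. This is an added example, not code from the question or either answer; the names is_valid_vin, vin_check_digit and $requireCheckDigit are assumptions, and because the check digit is only mandatory for North American VINs it is off by default.

```php
<?php
// Added example: server-side VIN validation for the enquiry form.
// Function and parameter names are assumptions made for this example.

// Compute the check digit that should sit at position 9 (index 8) of a 17-character VIN.
function vin_check_digit(string $vin): string
{
    // Transliteration values for letters; I, O and Q never appear in a VIN.
    static $values = [
        'A' => 1, 'B' => 2, 'C' => 3, 'D' => 4, 'E' => 5, 'F' => 6, 'G' => 7, 'H' => 8,
        'J' => 1, 'K' => 2, 'L' => 3, 'M' => 4, 'N' => 5, 'P' => 7, 'R' => 9,
        'S' => 2, 'T' => 3, 'U' => 4, 'V' => 5, 'W' => 6, 'X' => 7, 'Y' => 8, 'Z' => 9,
    ];
    // Position weights; the check-digit position itself has weight 0.
    static $weights = [8, 7, 6, 5, 4, 3, 2, 10, 0, 9, 8, 7, 6, 5, 4, 3, 2];

    $sum = 0;
    for ($i = 0; $i < 17; $i++) {
        $c = $vin[$i];
        $sum += (ctype_digit($c) ? (int) $c : $values[$c]) * $weights[$i];
    }
    $r = $sum % 11;
    return $r === 10 ? 'X' : (string) $r;
}

// Return true only for a well-formed VIN; optionally require a correct check digit.
function is_valid_vin(string $vin, bool $requireCheckDigit = false): bool
{
    $vin = strtoupper(trim($vin));
    // Exactly 17 characters drawn from the VIN alphabet (no I, O, Q).
    if (!preg_match('/^[A-HJ-NPR-Z0-9]{17}$/', $vin)) {
        return false;
    }
    return !$requireCheckDigit || vin_check_digit($vin) === $vin[8];
}

// Usage in enquiry.php: reject the submission before mail() is ever reached,
// regardless of what the HTML maxlength attribute or the JavaScript check allowed.
$vin_field = (string) ($_POST['vin'] ?? '');
if (!is_valid_vin($vin_field)) {
    header('Location: http://www.mysite.co.za/car-electronic-equipment-replacement-error.html');
    exit;
}
```

Because maxlength, the JavaScript validate() function and the Referer test all run on or come from the client, this PHP check is the only one a user cannot skip, so it has to run before mail() is called.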