1
我的Web表單位於HTTPS頁面上,具有JavaScript驗證和後端PHP驗證以檢查空白字段。表單工作(發送電子郵件)並按預期返回錯誤。PHP POST安全
我每天收到一封空白的電子郵件。我能想到的唯一的事情是POST是脆弱的。
如何確保POST操作=「URL」?或者這不是脆弱的?
我的形式(縮短):
<form id="itsp-form" method="post" action="http://www.website.com/save_itsp.php">
<label class="custom">Company name</label>
<input id="company_name" type="text" name="company_name" />
...
<input type="submit" id="submit" value="Submit" />
</form>
<div id="errors"></div>
</div>
<script>
$('#submit').click(function() {
$('.error').hide();
var hasError = false;
var emailReg = /^([\w-\.][email protected]([\w-]+\.)+[\w-]{2,4})?$/;
if (($("#company_name").val() == '') || ($("#type_of_business[]").val() == '')) {
$("#errors").after('<span class="error">Please enter your Company name.</span>');
hasError = true;
}
if(hasError == true) { return false; }
});
我的PHP文件:
function died($error) {
echo "We are very sorry, but there were blank fields found with the form you
submitted. ";
$link_address = 'http://www.website.com/url/itsp';
echo "<a href='".$link_address."'>Click to Go Back<br/></a>";
die();
}
if (isset($_POST['company_name']))
{
$errors = "";
//validate and sanitize company name
if ($_POST['company_name'] != "")
{
$_POST['company_name'] = filter_var($_POST['company_name'], FILTER_SANITIZE_STRING);
$company_name = $_POST['company_name'];
}
else
died();
/*****Email*****/
$to = "email";
$subject = "New ITSP Submission";
$message1 = "A new ITSP has submitted their information:
<br/>Company Name: " . $company_name . "
<br/>"; // . . .
$headers = "MIME-Version: 1.0\n";
mail($to,$subject,$message1,$headers);
header("location: http://www.website.com/dir/itsp-confirmation/");
是否確定電子郵件爲空白,是否包含一些不可見字符(如空格或非空格)? –
爲什麼downvote?似乎有一個合理的問題,OP已經明確包含了代碼。 –
查看電子郵件時,沒有空白。 – DDDD