-1
Here is the HTML code: - https://pastebin.com/Rc3AGC8x  HTML script unable to send the form's complaint value to the PHP script
<html>
<body bgcolor="#ccccb3">
<script type="text/javascript">
function hello(min,max) {
var x;
x= Math.floor(Math.random()*(max-min+1)+min);
document.getElementById("complaint").value =x;
//document.write(x);
};
</script>
<center>
<form action="http://localhost/PHPMailer-master/" method="post">
<p>Name: <input id="n" placeholder="Name" name="n" required></p>
<p>E-Mail: <input id="e" placeholder="Email Address" type="email" name="e" required></p>
<p> <textarea id="m" placeholder="write your message here" name="m" rows="10" required></textarea></p>
<p><input id="mybtn" type="submit" value="Submit Form" onClick="hello(112,78945)"></p>
<input type="hidden" value="The complaint id is : #" id="complaint" name="complaint">
<!--<p>Clicks: <a id="clicks">0</a></p>-->
</form>
</center>
</body>
</html>
Here is the PHP code: - https://pastebin.com/g0Cnh8iR
<?php
require 'PHPMailerAutoload.php';
$mail = new PHPMailer;
//$mail->SMTPDebug = 3; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'smtp.gmail.com'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = '[email protected]'; // SMTP username
$mail->Password = '*******'; // SMTP password
$mail->SMTPSecure = 'ssl'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 465; // TCP port to connect to
if(isset($_POST['n']) && isset($_POST['e']) && isset($_POST['m'])){
$n = $_POST['n'];
$e = $_POST['e'];
$m = nl2br($_POST['m']);
$c = $_POST['complaint'];}
else{
$n='';
$e='';
$m='';
$c='245';
}
$mail->setFrom('[email protected]', 'Panasonic');
$mail->addAddress('[email protected]', 'Pragzz'); // Add a recipient
//$mail->addAddress('[email protected]'); // Name is optional
//$mail->addReplyTo('[email protected]', 'Information');
//$mail->addCC('[email protected]');
//$mail->addBCC('[email protected]');
//$mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments
//$mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name
$mail->isHTML(true); // Set email format to HTML
$mail->Subject = 'Complaint Number: '.$c;
$mail->Body = '<b>Name:</b> '.$n.' <br><b>Email:</b> '.$e.' <p><b>Message: </b>'.$m.'</p>';
$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
if(!$mail->send()) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
} else {
echo 'Message has been sent. Your complaint will be attended within 48 hours. Your complaint No. is '.$c;
}
?>
The password and username fields have been removed on purpose.
The HTML script contains a hidden-type form field whose value is the complaint ID.
It is unable to take the value from the JavaScript function and send it to the PHP code.
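A hardened version of the handler, added here as an example (not the asker's code and not part of PHPMailer): it generates the complaint number on the server with random_int instead of reading it from the hidden field, validates the e-mail address, escapes every user value with htmlspecialchars before building the HTML body (the asker's nl2br on raw input lets submitted HTML straight into the mail), reads the SMTP credentials from the environment, and logs ErrorInfo instead of echoing it to the visitor. It assumes PHPMailer 5.x with PHPMailerAutoload.php as in the question, PHP 7 or later, the environment variable names SMTP_USER and SMTP_PASS, and placeholder addresses.

```php
<?php
// Added example, not the asker's code: a hardened handler. Assumes PHPMailer 5.x on PHP 7+; addresses are placeholders.
require 'PHPMailerAutoload.php';
// Generate the complaint number on the server instead of trusting a hidden form field.
function complaint_id() {
    return random_int(112, 78945); // CSPRNG, same range the asker's JavaScript used
}
// Validate the three user fields; returns null on any failure.
function validate_input(array $post) {
    $n = trim($post['n'] ?? '');
    $e = filter_var(trim($post['e'] ?? ''), FILTER_VALIDATE_EMAIL);
    $m = trim($post['m'] ?? '');
    if ($n === '' || $e === false || $m === '') {
        return null; // empty field or malformed e-mail address
    }
    return ['n' => $n, 'e' => $e, 'm' => $m];
}
// Escape every user value before it goes into the HTML body; nl2br runs after escaping.
function build_body(array $in) {
    $esc = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
    return '<b>Name:</b> ' . $esc($in['n']) . ' <br><b>Email:</b> ' . $esc($in['e'])
         . ' <p><b>Message: </b>' . nl2br($esc($in['m'])) . '</p>';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $in = validate_input($_POST);
    if ($in === null) {
        http_response_code(400);
        exit('Invalid input.');
    }
    $c = complaint_id();
    $mail = new PHPMailer;
    $mail->isSMTP();
    $mail->Host = 'smtp.gmail.com';
    $mail->SMTPAuth = true;
    $mail->Username = getenv('SMTP_USER'); // assumed env var names; keeps credentials out of source
    $mail->Password = getenv('SMTP_PASS');
    $mail->SMTPSecure = 'ssl';
    $mail->Port = 465;
    $mail->setFrom('sender@example.com', 'Complaints'); // placeholder
    $mail->addAddress('inbox@example.com');              // placeholder
    $mail->isHTML(true);
    $mail->Subject = 'Complaint Number: ' . $c;
    $mail->Body = build_body($in);
    if (!$mail->send()) {
        error_log('PHPMailer: ' . $mail->ErrorInfo); // log the detail, do not echo it to the user
        echo 'Message could not be sent.';
    } else {
        echo 'Message has been sent. Your complaint No. is ' . $c;
    }
}
```

Because the number is now produced server-side, the hidden field and the onClick handler in the form become unnecessary.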
Your code has a serious security vulnerability; please read up on SQL injection – Rushikumar
Clicking the button triggers the form submit. In that case you should not expect the browser to perform other script tasks. What is the purpose of this? If you only need a random value, you can simply create one directly in PHP... – CBroe
@Rushikumar: where is the SQL injection vulnerability? – David