我試圖讓'選擇'發佈到我的電子郵件,其他輸入字段 做後,但不是選擇它驅使我堅果。請指教。另外任何 額外的建議,在SQL注入預防方法將不勝感激。選擇選項,電子郵件表格
HTML
<form action="contactform.php" method="post" >
<input type="text" name="name" placeholder="*Full Name">
<input type="text" name="email" placeholder="*Email">
<input type="tel" name="telephone"placeholder="*Telephone">
<input type="text" name="comments"class="feedback-input"id="comments"placeholder="*How can I help?">
<select name="selectoption">
<option value="first">First</option>
<option value="second">Second</option>
<option value="third">Third</option>
</select>
<input type="text" name="code" placeholder="1+2 =" />
<input type="submit"value="Send"class="button">
</form>
PHP
<?php
if(isset($_POST['email'])) {
if (strtolower($_POST['code']) != '3') {die('Wrong access code');}
$email_to = "";
$email_subject = "contact form submission";
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$comments = $_POST['comments']; // required
$selectoption = $_POST['selectoption']; // required
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";
$email_message .= "Selectoption: ".clean_string($selectoption)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
Thank you for contacting us. We will be in touch with you very soon.
<a href="#">return to website</a>
<?php
}
?>
thanks very much
Dan
你的第一個'$ email_message'實例是串聯的。你應該以'$ email_message =「」;'不是'$ email_message。=「」;' –
也是一個提示。在你乾淨的字符串函數中。你只是比較數組本身。你應該在該函數中運行一個循環來遍歷每個比較。 –
您的$ _POST變量需要更多衛生設施。我給你寫了這個快速功能,供將來參考。 '功能保護($ p) { \t $ p = stripslashes($ p); \t $ p = strip_tags($ p); \t $ p = preg_replace(「[^ A-Za-z0-9]」,「」,trim(trim($ p,「'」),''')); \t return $ p; } –