每次页面刷新时,PHP联系表格都会发送电子邮件 [英] PHP contact form sending email every time the page is refreshed
问题描述
以下是我的代码格式:
if(isset($ _ POST ['submit'])){
if($ _POST ['email'] ==''|| $ _FILES ['file_upload'] =='' || $ _POST [fname] ==''|| $ _POST [lname] ==''|| $ _POST [message] ==''){
echo'< p class =red-info>请填写所有字段< / p>';
}其他{
$ from_email = $ _POST ['email']; //来自邮件,这对某些主机是强制性的
$ recipient_email ='myemail@gmail.com'; //收件人电子邮件(大多数情况下是您的个人电子邮件)
//从HTML表单捕获POST数据并对它们进行清理,
$ sender_fname = filter_var($ _ POST [fname], FILTER_SANITIZE_STRING); //发件人名称
$ sender_lname = filter_var($ _ POST [fname],FILTER_SANITIZE_STRING); //发件人姓名
$ sender_phone_1 = filter_var($ _ POST [phone_1],FILTER_SANITIZE_STRING); //发件人姓名
$ sender_phone_2 = filter_var($ _ POST [phone_2],FILTER_SANITIZE_STRING); //发件人名称
$ sender_phone_3 = filter_var($ _ POST [phone_3],FILTER_SANITIZE_STRING); //发件人姓名
$ sender_phone = $ sender_phone_1。 ''。 $ sender_phone_2。 ''。 $ sender_phone_3; //发件人姓名
$ reply_to_email = filter_var($ _ POST [email],FILTER_SANITIZE_STRING); //在回复标题中使用的发件人电子邮件
$ subject ='联系表'; //从HTML表单获取主题
$ message = filter_var($ _ POST [message],FILTER_SANITIZE_STRING); //消息
/ * //不要忘记验证空字段
if(strlen($ sender_name)< 1){
die('Name is too short或空!');
}
* /
//获取上传的文件数据
$ file_tmp_name = $ _FILES ['file_upload'] ['tmp_name'];
$ file_name = $ _FILES ['file_upload'] ['name'];
$ file_size = $ _FILES ['file_upload'] ['size'];
$ file_type = $ _FILES ['file_upload'] ['type'];
$ file_error = $ _FILES ['file_upload'] ['error'];
$ b $ if($ file_error> 0){
die('Upload error or No files uploaded');
}
//从上传的文件中读取& base64_encode邮件内容
$ handle = fopen($ file_tmp_name,r);
$ content = fread($ handle,$ file_size);
fclose($ handle);
$ encoded_content = chunk_split(base64_encode($ content));
$ boundary = md5(sanwebe);
// header
$ headers =MIME-Version:1.0 \r\\\
;
$ headers。=From:。 $ from_email。 \r\\\
;
$ headers。=回复:。 $ reply_to_email。 。 \r\\\
;
$ headers。=Content-Type:multipart / mixed; boundary = $ boundary \r\\\
\r\\\
;
//纯文本
$ body = - $ boundary \r\\\
;
$ body。=Content-Type:text / plain; charset = ISO-8859-1 \r\\\
;
$ body。=Content-Transfer-Encoding:base64\r\\\
\r\\\
;
$ body。=< br />名字:。 $ sender_fname;
$ body。=< br />姓氏:。 $ sender_lname;
$ body。=< br />电话:。 $ sender_phone;
$ body。=< br /> Message:;
$ body。= chunk_split(base64_encode($ message));
//附件
$ body。= - $ boundary \r\\\
;
$ body。=Content-Type:$ file_type; name =。 $ file_name。 \r\\\
;
$ body。=Content-Disposition:attachment; filename =。 $ file_name。 \r\\\
;
$ body。=Content-Transfer-Encoding:base64 \r\\\
;
$ body。=X-Attachment-Id:。兰特(1000,99999)。 \r\\\
\r\\\
;
$ body。= $ encoded_content;
$ sentMail =邮件($ recipient_email,$ subject,$ body,$ headers);
if(isset($ sentMail))//输出成功或失败消息
{
echo'< p class =green-info>您的电子邮件已被提交!很快联系。< / p>';
echo< script> document.contact.reset();< / script>;
header(location:contect.php);
} else {
die('无法发送邮件!请检查您的PHP邮件配置。');
$ sender_lname = filter_var($ _ POST [fname],FILTER_SANITIZE_STRING); $ sender_lname = filter_var($ _ POST [ lname],FILTER_SANITIZE_STRING);
如果刷新浏览器,它们倾向于缓存最后的POST请求。您可能会被问到是否要重新提交表单数据。尝试添加一个带有令牌散列值的隐藏字段。
< input type =hiddenname =tokenvalue =someHashValue> p>
执行会话以比较提交的令牌与存储在 $ _ SESSION 中的令牌。
session_start();
session_regenerate_id(); //正确使用,有助于防止会话固定;
$ _SESSION ['token'] =someHashValue; //对于每个页面加载必须是唯一的。
使用一个好的散列函数来创建令牌。我会避开 md5 和 sha1 。
基本上......
if($ _ SESSION ['token'] === $ _POST ['token'])
{
//好。您想要过滤,验证并尽早检查。
//无论你做什么,只要保持一致。
}
另外,请小心使用文件名( $ file_name = $ _FILES ['file_upload'] ['name']; )由您的代码中的浏览器提供。大多数人会说找到一种不使用它的方法,但是如果你这样做了,你仍然需要以某种方式过滤和验证它。重新命名文件可能是合适的。检查文件大小也是一个好主意。不要过分依赖文件大小位上的 php.ini 。如果文件类型很重要,您甚至可以在接受文件之前尝试检查文件。
最后,如果您要使用PHP过滤器函数,使用 filter_input_array()和 INPUT_POST 作为POST数据可能是一个好主意。对于 $ _ FILES superglobal,我做了一个单独的例程来验证它(但是,您不能使用 filter_input_array()为了那个原因)。祝你好运!你在路上!
PHP contact form sends email every time the page is refreshed. If user sends his message once and refreshes again, the same message is sent again. This happens every time the page is refreshed.
Here is my code form the form:
if (isset($_POST['submit'])) {
if ($_POST['email'] == '' || $_FILES['file_upload'] == '' || $_POST["fname"] == '' || $_POST["lname"] == '' || $_POST["message"] == '') {
echo '<p class="red-info">Please Fill All The Fields</p>';
} else {
$from_email = $_POST['email']; //from mail, it is mandatory with some hosts
$recipient_email = 'myemail@gmail.com'; //recipient email (most cases it is your personal email)
//Capture POST data from HTML form and Sanitize them,
$sender_fname = filter_var($_POST["fname"], FILTER_SANITIZE_STRING); //sender name
$sender_lname = filter_var($_POST["fname"], FILTER_SANITIZE_STRING); //sender name
$sender_phone_1 = filter_var($_POST["phone_1"], FILTER_SANITIZE_STRING); //sender name
$sender_phone_2 = filter_var($_POST["phone_2"], FILTER_SANITIZE_STRING); //sender name
$sender_phone_3 = filter_var($_POST["phone_3"], FILTER_SANITIZE_STRING); //sender name
$sender_phone = $sender_phone_1 . ' ' . $sender_phone_2 . ' ' . $sender_phone_3; //sender name
$reply_to_email = filter_var($_POST["email"], FILTER_SANITIZE_STRING); //sender email used in "reply-to" header
$subject = 'Contact Form'; //get subject from HTML form
$message = filter_var($_POST["message"], FILTER_SANITIZE_STRING); //message
/* //don't forget to validate empty fields
if(strlen($sender_name)<1){
die('Name is too short or empty!');
}
*/
//Get uploaded file data
$file_tmp_name = $_FILES['file_upload']['tmp_name'];
$file_name = $_FILES['file_upload']['name'];
$file_size = $_FILES['file_upload']['size'];
$file_type = $_FILES['file_upload']['type'];
$file_error = $_FILES['file_upload']['error'];
if ($file_error > 0) {
die('Upload error or No files uploaded');
}
//read from the uploaded file & base64_encode content for the mail
$handle = fopen($file_tmp_name, "r");
$content = fread($handle, $file_size);
fclose($handle);
$encoded_content = chunk_split(base64_encode($content));
$boundary = md5("sanwebe");
//header
$headers = "MIME-Version: 1.0\r\n";
$headers .= "From:" . $from_email . "\r\n";
$headers .= "Reply-To: " . $reply_to_email . "" . "\r\n";
$headers .= "Content-Type: multipart/mixed; boundary = $boundary\r\n\r\n";
//plain text
$body = "--$boundary\r\n";
$body .= "Content-Type: text/plain; charset=ISO-8859-1\r\n";
$body .= "Content-Transfer-Encoding: base64\r\n\r\n";
$body .= "<br />First Name:" . $sender_fname;
$body .= "<br />Last Name:" . $sender_lname;
$body .= "<br />Phone:" . $sender_phone;
$body .= "<br />Message:";
$body .= chunk_split(base64_encode($message));
//attachment
$body .= "--$boundary\r\n";
$body .= "Content-Type: $file_type; name=" . $file_name . "\r\n";
$body .= "Content-Disposition: attachment; filename=" . $file_name . "\r\n";
$body .= "Content-Transfer-Encoding: base64\r\n";
$body .= "X-Attachment-Id: " . rand(1000, 99999) . "\r\n\r\n";
$body .= $encoded_content;
$sentMail = mail($recipient_email, $subject, $body, $headers);
if (isset($sentMail)) //output success or failure messages
{
echo '<p class="green-info">Your Email Has Been Submitted!We will contact soon.</p>';
echo "<script>document.contact.reset();</script>";
header("location: contect.php");
} else {
die('Could not send mail! Please check your PHP mail configuration.');
}
}
}
$sender_lname = filter_var($_POST["fname"], FILTER_SANITIZE_STRING); Should be, $sender_lname = filter_var($_POST["lname"], FILTER_SANITIZE_STRING);
If you are refreshing a browser, they tend to cache the last POST request. You may be asked if you want to re-submit form data. Try adding a hidden field with a hash value for a token.
<input type="hidden" name="token" value="someHashValue">
Implement sessions to compare the submitted token against the one stored in $_SESSION.
session_start();
session_regenerate_id(); //Used properly, helps deter session fixation;
$_SESSION['token'] = "someHashValue"; //Must be unique for each page load.
Use a good hashing function to create the token. I would steer clear of md5 and sha1.
Basically...
if($_SESSION['token'] === $_POST['token'])
{
//Good. You want to filter, validate, and check this early on.
//Whatever you do, just be consistent.
}
Also, be wary of using the file name ($file_name = $_FILES['file_upload']['name'];) supplied by the browser in your code. Most would say find a way not to use it, but if you do, you still need to filter and validate it in some way. Re-naming the file might be appropriate. Checking the file size is a good idea, too. Don't rely too heavily on the php.ini on the file size bit. If file type matters, you can even try to inspect the file before accepting it.
Lastly, when you get there, if you are going to use PHP filter functions, it may be a good idea to use filter_input_array() with INPUT_POST for your POST data. For the $_FILES superglobal, I made a separate routine just for validating it (but, you cannot use filter_input_array() for that). Good luck! You are on your way!
这篇关于每次页面刷新时,PHP联系表格都会发送电子邮件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
