Question
I have searched and tried multiple ways of doing this, but nothing seems to work out as planned. I am trying to set up a contact form and use
<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
as the form action, not sure if that is needed nowadays, but that's why I am asking, I don't want any injections going on. The form is working the way I want it to and sending the mail, except it is sending the mail every single time the page loads, whether there is information in the box or errors come up. There are two things I would like some help on here.
Properly displaying a thank you message in a <span> element at the bottom of the form, a modal popup or a bootstrap alert message.
I need the proper isset function to make this one page mailer work and only on POST when the submit <button> is clicked.
Below I will put all the PHP and HTML form code I have, currently. Thank you in advance.
<?php
// define variables and set to empty values
$nameErr = $emailErr = $ethaddressErr = $txhashErr = $messagesErr = "";
$name = $email = $ethaddress = $txhash = $messages = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["name"])) {
        $nameErr = "Name is required";
    } else {
        $name = test_input($_POST["name"]);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
            $nameErr = "Only letters and white space allowed";
        }
    }
    if (empty($_POST["email"])) {
        $emailErr = "Valid Email is required";
    } else {
        $email = test_input($_POST["email"]);
        // check if e-mail address is well-formed
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        }
    }
    if (empty($_POST["ethaddress"])) {
        $ethaddress = "";
    } else {
        $ethaddress = test_input($_POST["ethaddress"]);
        if (!preg_match("/^(0x)?[0-9a-f]{40}$/i",$ethaddress)) {
            $ethaddressErr = "Invalid ETH Address Format";
        }
    }
    if (empty($_POST["txhash"])) {
        $txhash = "";
    } else {
        $txhash = test_input($_POST["txhash"]);
        if (!preg_match("/^(0x)?[0-9a-f]{64}$/i",$txhash)) {
            $txhashErr = "Invalid Ethereum Transaction Hash Format";
        }
    }
    if (empty($_POST["messages"])) {
        $messages = "";
    } else {
        $messages = test_input($_POST["messages"]);
    }
}
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
<form id="my-form" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group has-feedback">
<label for="name" class="control-label sr-only">Name</label>
<input type="text" name="name" value="<?php echo $name;?>" required placeholder="Please Enter Your Name" autofocus class="form-control" id="firstname" /><i aria-hidden="true" class="form-control-feedback fa fa-user"></i></div>
<span class="error"><?php echo $nameErr;?></span>
<div class="form-group has-feedback">
<label for="ethaddress" class="control-label sr-only">ETH Address</label>
<input type="text" name="ethaddress" value="<?php echo $ethaddress;?>" placeholder="ERC20 Compliant ETH Address" class="form-control" id="lastname" /><i aria-hidden="true" class="form-control-feedback fa fa-link"></i></div>
<span class="error"><?php echo $ethaddressErr;?></span>
<div class="form-group has-feedback">
<label for="txhash" class="control-label sr-only">TxHash</label>
<input type="text" name="txhash" value="<?php echo $txhash;?>" placeholder="Transaction Hash of Purchase, if applicable" class="form-control" id="phonenumber" /><i aria-hidden="true" class="form-control-feedback fa fa-hashtag"></i></div>
<span class="error"><?php echo $txhashErr;?></span>
<div class="form-group has-feedback">
<label for="email" class="control-label sr-only">Email Address</label>
<input type="text" name="email" required value="<?php echo $email;?>" placeholder="Please Enter Valid Email Address" class="form-control" id="email" /><i aria-hidden="true" class="form-control-feedback fa fa-envelope"></i></div>
<span class="error"><?php echo $emailErr;?></span>
<div class="form-group has-feedback">
<label for="messages" class="control-label sr-only">Additional comments for the team</label>
<textarea rows="8" name="messages" placeholder="Additional Comments for the Team" required class="form-control"><?php echo $messages;?></textarea><i aria-hidden="true" class="form-control-feedback fa fa-pencil"></i></div>
<span class="error"><?php echo $messagesErr;?></span>
<button class="btn btn-default btn-lg" type="submit" name="submit" id="form-btn">SEND </button>
</form>
<?php
$to = "hashguide@biopaycoin.com";
$subject = "BioPayCoin Contact Form Submission";
$name = $_POST["name"];
$messages = $_POST["messages"];
$email = $_POST["email"];
$ethaddress = $_POST["ethaddress"];
$txhash = $_POST["txhash"];
$message = $name . " sent you a message" . "\r\n" . $email . "\r\n" . $ethaddress . "\r\n" . $txhash . "\r\n" . $messages;
$headers = "From: BPC-Contact-form@biopaycoin.com" . "\r\n" .
"CC: hash.guide@gmail.com";
mail($to,$subject,$message,$headers);
?>
Answer 1:
From what I see you are calling mail($to,$subject,$message,$headers); at the end of the file on every page load. You should put this part in the condition that checks whether $_POST is set or not.
Source: https://stackoverflow.com/questions/47132803/having-trouble-with-php-mail-function-using-htmlspecialchars-mail-sends-every
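
The gating the answer describes, as an added example that is not part of the original question or answer: mail is sent only for a POST that carries the submit button and passes validation, and the body is built from the validated values rather than from raw `$_POST`. The function names `validate_contact` and `handle_contact` and the stub mailer are hypothetical; the addresses and patterns are the ones in the question's code.

```php
<?php
// Added example: validate first, send only on a clean POST. Function names are hypothetical.
function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['name', 'email', 'ethaddress', 'txhash', 'messages'] as $field) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';   // arrays are rejected as empty
    }
    if ($clean['name'] === '' || !preg_match('/^[a-zA-Z ]+$/', $clean['name'])) {
        $errors['name'] = 'Only letters and white space allowed';
    }
    if (!filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Invalid email format';
    }
    if ($clean['ethaddress'] !== '' && !preg_match('/^(0x)?[0-9a-f]{40}$/i', $clean['ethaddress'])) {
        $errors['ethaddress'] = 'Invalid ETH Address Format';
    }
    if ($clean['txhash'] !== '' && !preg_match('/^(0x)?[0-9a-f]{64}$/i', $clean['txhash'])) {
        $errors['txhash'] = 'Invalid Ethereum Transaction Hash Format';
    }
    return [$clean, $errors];
}

// Returns 'idle' (no submission), 'invalid', 'failed' or 'sent'.
function handle_contact(string $method, array $post, callable $send): string
{
    if ($method !== 'POST' || !isset($post['submit'])) {
        return 'idle';                       // plain page load: never send mail
    }
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        return 'invalid';
    }
    // Validated values only; user input goes in the body, never in the headers.
    $body = $clean['name'] . " sent you a message\r\n" . implode("\r\n",
        [$clean['email'], $clean['ethaddress'], $clean['txhash'], $clean['messages']]);
    $headers = "From: BPC-Contact-form@biopaycoin.com\r\nCC: hash.guide@gmail.com";
    return $send('hashguide@biopaycoin.com', 'BioPayCoin Contact Form Submission', $body, $headers)
        ? 'sent' : 'failed';
}

// Constructed inputs with a stub in place of mail(); on the real page pass 'mail'.
$stub = function ($to, $subject, $body, $headers) { return true; };
$good = ['submit' => '', 'name' => 'Ada Lovelace', 'email' => 'ada@example.com', 'messages' => 'Hello'];
echo handle_contact('GET', [], $stub), "\n";
echo handle_contact('POST', ['submit' => '', 'name' => 'x1'], $stub), "\n";
echo handle_contact('POST', $good, $stub), "\n";
```

The returned status can drive the thank-you message, and redirecting after `'sent'` (Post/Redirect/Get) keeps a browser refresh from resending the mail. Because the values are kept unescaped here, apply `htmlspecialchars()` at the point where they are echoed back into the form.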