PHP email form shooting blank emails

[愿得一人] 2020-12-06 23:02

I put together a simple PHP email form for a website, but it keeps sending blank emails every so often. Most of the fields are "required" and I was using a captcha sys

4 Answers
  • 2020-12-06 23:45
    <textarea name="message" cols="80" rows="7" required="required"></textarea>
    

    should be

    <textarea name="message" cols="80" rows="7" required></textarea>
    

    Are you writing XHTML or HTML?

    Validation on the server side is also recommended. See answers below on how to do it.

    0 Discussion (0)
  • 2020-12-06 23:46

    You will want to do validation on your PHP.

    http://www.w3schools.com/php/php_form_validation.asp

    Basically you will want to do the following:

    Security

    <?php
    // define variables and set to empty values
    $name = $email = $gender = $comment = $website = "";
    
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
      $name = test_input($_POST["name"]);
      $email = test_input($_POST["email"]);
      $website = test_input($_POST["website"]);
      $comment = test_input($_POST["comment"]);
      $gender = test_input($_POST["gender"]);
    }
    
    function test_input($data) {
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      return $data;
    }
    ?>
    

    Validation

    if (!empty($email)){
        //your code to send email
    }
    

    You could make it a little more complex if you want to check more than one thing.

    $fail_validation = FALSE;
    if (empty($email)){
       $fail_validation = TRUE;
    
    }
    if (empty($phone)){
       $fail_validation = TRUE;
    
    }
    if ($fail_validation == FALSE){
      //code to send mail goes here
    }
    

    Please note, this is very basic, and you may want to consider looking into some extra functions to secure the PHP. I would also suggest using a honeypot as an extra layer of security. https://stackoverflow.com/a/22103646/2547075

    0 Discussion (0)
  • 2020-12-06 23:52

    That could happen if your HTML form and PHP are inside the same file while you're not checking if any of those inputs are empty or not. And if not in the same file, not checking for emptiness still applies.

    You could be the victim of bots, or some joker visiting your site every so often just to tick you off.

    Or that the form's method's URL is being accessed directly by someone or something, which is what I feel may be the issue here, since you do have required for your inputs.

    • Check your access logs.

    So, use a conditional !empty() against all your inputs.

    • http://php.net/manual/en/function.empty.php

    I.e.:

    Sidenote: || checks to see if one or any are empty.

    if( !empty($_POST['name']) || !empty($_POST['email']) ){
    
       $name = $_POST['name'];
       $email = $_POST['email'];
    
       // process mail
    
    }
    

    You can add the other ones in.

    Or give your submit a name attribute:

    <input name="submit" type="submit" value="Submit" />
    

    Then check if the button is set and that the inputs are not empty:

    if(isset($_POST['submit'])){
    
        if(!empty($_POST['name']) || !empty($_POST['email']) ){
    
           $name = $_POST['name'];
           $email = $_POST['email'];
    
           // process mail
    
        }
    
    }
    

    You should also use filters, for the email input:

    • http://php.net/manual/en/function.filter-var.php
    • http://php.net/manual/en/filter.examples.validation.php

    Plus, if you decide to use radios/checkboxes later on, use isset() against those.

    Sidenote:

    You could add a checkbox to your form to check if it was checked or not, and handle it with a conditional statement.


    Footnotes:

    "Most of the fields are "required" and I was using a captcha system for a while, but the blank emails kept coming."

    There isn't any captcha code in your question to support this.

    N.B.:

    The required attribute only works in HTML5 supported browsers. Therefore, if any of those bots or visitors to your site are using a browser that doesn't support HTML5, or technology that can bypass it, then that too could be another (contributing) factor.

    0 Discussion (0)
  • 2020-12-07 00:01

    But for some reason you're getting blank emails, possibly from robots

    pretty much answered your question. Robots can be pretty advanced and break certain Captchas as well to post blank post requests. You should check if the post requests are not empty.

    The unbreakable captchas are the ones you've written yourself (and not spread beyond your website until it becomes popular) or the recently introduced one from Google. Give it a try (once you've checked for empty values).

    0 Discussion (0)
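
The checks the answers above describe (reject requests that are not a form POST, require every field to be non-empty, validate the email with filter_var, and a honeypot field), combined into one server-side gate that runs before any mail is sent. This is an added example, not code from any of the answers; the field names and the `website_url` honeypot input are assumptions.

```php
<?php
// Added example, not from the answers; "website_url" is a hypothetical honeypot field.

function field(array $post, string $key): string
{
    // Missing keys and array values (name[]=x) both count as empty.
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

function validate_contact_post(string $method, array $post): array
{
    // Opening the handler URL directly sends no form data at all.
    if ($method !== 'POST') {
        return ['ok' => false, 'errors' => ['not a form POST'], 'clean' => []];
    }
    // Honeypot: the input is hidden from people, so a value means a bot.
    if (($post['website_url'] ?? '') !== '') {
        return ['ok' => false, 'errors' => ['honeypot filled'], 'clean' => []];
    }
    $errors = $clean = [];
    // Compare with '' after trim(): empty() would also reject the text "0".
    foreach (['name', 'email', 'message'] as $key) {
        $clean[$key] = field($post, $key);
        if ($clean[$key] === '') {
            $errors[] = "$key is required";
        }
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

// Constructed sample requests: [request method, POST body].
$samples = [
    'direct GET'      => ['GET', []],
    'blank POST'      => ['POST', []],
    'whitespace only' => ['POST', ['name' => ' ', 'email' => ' ', 'message' => "\n"]],
    'honeypot filled' => ['POST', ['name' => 'x', 'email' => 'x@example.com',
                                   'message' => 'hi', 'website_url' => 'spam']],
    'real visitor'    => ['POST', ['name' => 'Ann', 'email' => 'ann@example.com',
                                   'message' => 'Hello', 'website_url' => '']],
];
foreach ($samples as $label => [$method, $post]) {
    $r = validate_contact_post($method, $post);
    echo str_pad($label, 18), $r['ok'] ? 'send mail' : 'reject: ' . implode(', ', $r['errors']), PHP_EOL;
}
```

In the form handler, call `validate_contact_post($_SERVER['REQUEST_METHOD'], $_POST)` and send the mail only when `ok` is true.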