从检查元素

Question

隐藏'”>'我有这样的HTML和PHP联系表格：

<?php 

$valid = true; 
$errors = array(); 
$contact = array(
'name' => null, 
'email' => null, 
'message' => null 
); 

// Check if the form has been posted 
if (isset($_POST['name'], $_POST['email'], $_POST['message'])) { 
$contact = filter_input_array(INPUT_POST, array(
'name' => FILTER_SANITIZE_STRING, 
'email' => FILTER_SANITIZE_STRING, 
'message' => FILTER_SANITIZE_STRING, 
), true); 
if (empty($_POST['name'])) { 
$valid = false; 
$errors['name'] = "You must enter your name."; 
} 
if (empty($_POST['email'])) { 
$valid = false; 
$errors['email'] = "You must enter your email address."; 
} elseif (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) { 
$valid = false; 
$errors['email'] = "You must enter a valid email address."; 
} 
if (empty($_POST['message'])) { 
$valid = false; 
$errors['message'] = "You must enter a message and/or subject."; 
} 
if ($valid) { 
// The email address the email will be sent to 
$to = "email@outlook.com"; 
// The email subject 
$subject = $_POST['subject']; 
// Set the from and reply-to address for the email 
$headers = "From: ".$_POST['email']; 
"X-Mailer: PHP/" . phpversion(); 
// Build the body of the email 
$mailbody = "The contact form has been filled out.\n\n" 
. "Name: " . $_POST['name'] . "\n" 
. "Email: " . $_POST['email'] . "\n" 
. "Message:\n" . $_POST['message'] . "\n" 
. "IP: " . $_POST['userIP']; 
// Send the email 
mail($to, $subject, $mailbody, $headers); 
// Go to the thank you page 
header("location: contact.php"); 
exit; 
} 
} 
?> 

<div id="contactform"> 
<input type="text" class="field_a" name="name" value="<?php echo htmlspecialchars($contact['name']);?>" placeholder="Enter your name here"> 
<br> 
<br> 
<input class="field_a" name="email" type="email" value="<?php echo htmlspecialchars($contact['email']);?>" placeholder="And your email is?"> 
<br> 
<br> 
<input class="field_a" name="subject" type="text" value="<?php echo htmlspecialchars($contact['subject']);?>" placeholder="We need to know what your message is about"> 
<br> 
<br> 
<textarea class="field_b" name="message" rows="10" cols="25" placeholder="Finally, the message.."><?php echo htmlspecialchars($contact['message']);?></textarea> 
<br> 
<br> 
<input class="field_c" style="width:830px;" name="send_mail" type="submit" value="Ready to send your message to All Things Roblox? Click me!"> 
<input type="hidden" name="userIP" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>"> 
</div> 
</form> 

我使用代码<input type="hidden" name="userIP" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">来抓取用户的IP地址，但他们可以很容易地通过使用inspect元素来防止这段代码。

如何防止<input type="hidden" name="userIP" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">显示？

再次感谢！

Answer 1

千万不要通过客户端传递这些有价值的信息。相反，它在服务器端本身。在服务器端，您可以将有价值的数据发布到其他页面并在那里接收。

在这种情况下，您可以在服务器端（PHP）本身直接使用<?php echo $_SERVER['REMOTE_ADDR']; ?>获取IP地址。无需通过HTML传递它。

而不是做

$mailbody = "The contact form has been filled out.\n\n" 
. "Name: " . $_POST['name'] . "\n" 
. "Email: " . $_POST['email'] . "\n" 
. "Message:\n" . $_POST['message'] . "\n" 
. "IP: " . $_POST['userIP']; 

像这样在你的PHP代码更新

在这里，你可以直接调用

$mailbody = "The contact form has been filled out.\n\n" 
. "Name: " . $_POST['name'] . "\n" 
. "Email: " . $_POST['email'] . "\n" 
. "Message:\n" . $_POST['message'] . "\n" 
. "IP: " . $_SERVER['REMOTE_ADDR']; 

就这样就可以消除的需要隐藏的领域。