0
我要对表格进行保护,如果用户在使用表格之后要在一分钟内发送另一条消息,他应该拒绝。其他方式应该通过每一件事。表格发送验证
现在我得到像这样的观点:
<!-- If Success form message send display this -->
<?php if (isset($_GET['msgSuccessSent']) == 1) { ?>
<h1 class="page-title text-center">Dziękujemy za wysłanie wiadomości</h1>
<div class="text-center">
<a href="form.php" class="btn btn-default text-center">Wyślij kolejną wiadomość</a>
</div>
<?php } else { ?>
<?php if (isset($_GET['msgTimerError']) == 1) { ?>
<div id="errorMessage" class="alert alert-danger" role="alert">Przed wysłaniem kolejnej wiadomości musisz odczekać conajmniej minutę.</div>
<?php } ?>
<!-- If message isn't sent display form -->
<h1 class="page-title text-center">Formularz kontaktowy</h1>
<!-- Contact form -->
<form action="contact_send.php" method="post">
<!-- First name input -->
<div class="form-group">
<label for="firstName">Imię</label>
<input type="text" class="form-control" id="firstName" name="firstName" placeholder="Wpisz swoje imię">
</div>
<!-- Second name input -->
<div class="form-group">
<label for="secondName">Nazwisko</label>
<input type="text" class="form-control" id="secondName" name="secondName" placeholder="Wpisz swoje nazwisko">
</div>
<!-- Phone number input -->
<div class="form-group">
<label for="phoneNumber">Telefon kontaktowy</label>
<input type="tel" class="form-control" id="phoneNumber" name="phoneNumber" placeholder="Wpisz swój numer telefonu">
</div>
<!-- Email address input -->
<div class="form-group">
<label for="email">Adres e-mail</label>
<input type="email" class="form-control" id="email" name="email" placeholder="Wpisz swój adres e-mail">
</div>
<!-- Message textarea -->
<div class="form-group">
<label for="message">Treść wiadomości</label>
<textarea type="text" class="form-control" id="message" name="message" rows="3"></textarea>
</div>
<!-- Send message button -->
<button type="reset" class="btn btn-default">Wyczyść formularz</button>
<button type="submit" class="btn btn-default pull-right">Wyślij</button>
</form>
<!-- Contact form end -->
<!-- End of If message isn't sent display form -->
<?php } ?>
这是我contact_send.php文件:如果在数据库中存在一行用户IP和日期
<?php
// Uncomment if you want to use session to check last form send
session_start();
$_SESSION['time'] = date('H:i:s');
header('Content-type: text/plain; charset=utf-8');
# Database connection settings
$dbHost = 'localhost'; // database hostname
$dbName = 'contactForm'; // database name
$dbUser = 'root'; // database user name
$dbPswd = ''; // database password
// Set connection
$connectionDb = new mysqli($dbHost, $dbUser, $dbPswd, $dbName);
// Check connection
if ($connectionDb->connect_error) {
die("Connection failed: " . $connectionDb->connect_error);
}
mysqli_set_charset($connectionDb, 'utf8'); // change charset for mysqli to utf8
# Require ContactSend and DatabaseQuery class
require 'contact.class.php';
# Get ContactSend class
$sendEmail = new ContactSend();
$ipAddress = $_SERVER['REMOTE_ADDR']; // get user ip address
$currentDate = date('Y-m-d H:i:s'); // get Date time when user send form
# ***
# Here I check if time of last form send is greater than minute
# ***
$sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$_SERVER[REMOTE_ADDR]' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE)";
if ($connectionDb->query($sqlCheck) === TRUE) {
$sendEmail->redirectToForm('form.php?msgTimerError=1');
} else {
// insert form values into database
$sqlQueryInsert =
"INSERT INTO contactForm (
firstName,
secondName,
phoneNumber,
email,
message,
dateSend,
ipAddress)
VALUES (
'$_POST[firstName]',
'$_POST[secondName]',
'$_POST[phoneNumber]',
'$_POST[email]',
'$_POST[message]',
'$currentDate',
'$ipAddress'
)";
// if data was save send mail and redirect to form
if ($connectionDb->query($sqlQueryInsert) === TRUE) {
# Get Parametrs from form
$sendEmail->sendTo = "[email protected]"; // here insert your email address that you want get mails
$sendEmail->subject = "Tytuł wiadomości"; // here insert Subject of email
$sendEmail->firstName = $_POST['firstName']; // get user first name
$sendEmail->secondName = $_POST['secondName']; // get user second name
$sendEmail->phoneNumber = $_POST['phoneNumber']; // get user phone number
$sendEmail->email = $_POST['email']; // get user email address
// make mail content and insert form values into it
$sendEmail->message = "
Imię: " . $_POST['firstName'] . "
Nazwisko: " . $_POST['secondName'] . "
Numer telefonu: " . $_POST['phoneNumber'] . "
Adres email: " . $_POST['email'] . "
Wiadomość: " . $_POST['message'];
$sendEmail->mailSender(); // send mail
} else {
echo "Error: " . $sqlQueryInsert . "<br>" . $connectionDb->error; // display error if database connection or query has error
}
// close connection to database
$connectionDb->close();
// redirect to form
$sendEmail->redirectToForm('form.php?msgSuccessSent=1');
}
?>
$msgTimerError
应显示的创造少于其他方式,它应该只显示表单。
$sqlCheck
是在数据库中检查,如果如果它不将其与msgTimerError=1
重定向用户form.php
与方法得到最后的形式发送的时间大于分钟以上,否则会增加新的表单值的数据库和发送邮件。
感谢您与我们分享的状态报告。有*问题*吗? – spencer7593
'if($ connectionDb-> query($ sqlCheck)=== TRUE)'是错误的方法。您需要检查该行是否存在。这只会告诉你,如果查询没有失败。 –
有没有简单的方法来检查sql查询是否从数据库中获取了某些东西? – kuchar