隐藏表单字段 - 我做错了什么？

Question

我试图阻止垃圾邮件与我的形式之一使用隐藏字段的技巧，但由于某种原因，它不工作。当我填写应该留空的字段时，表单就像正常一样提交。

我的php有什么问题吗？ （我想这就是我的问题所在）： 这是验证隐藏字段代码（见我的窗体顶部）：

if(!empty($_POST['email'])){ die('Stop Spamming'); } 

下面是完整的PHP形式：

<? 
session_start(); 
include("verification_image.class.php"); 
$image = new verification_image(); 
if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") { 
    header('Location: http://www.domain.com/fail.htm'); 
    exit; 
} 

if(!empty($_POST['email'])){ die('Stop Spamming'); } 

$to = "email@domain.co.za"; 
$bcc = "email@domain.co.za"; 
$from = $_POST['contactemail']; 
$subject = "INTERESTED ADVERTISER"; 

$sbody = '<table width="420" height="135" border="0" align="center" 
cellpadding="0" cellspacing="0"> 
      <!--DWLayoutTable--> 
      <tr> 
       <td height="90" colspan="5"><div align="center">Reservation &amp; 
Enquiries Submission Form </div></td> 
      </tr> 
      <tr> 
       <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Full Name</span></td> 
       <td width="180" valign="top">'.$_POST['contactname'].'</td> 
       <td width="42">&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Contact number</span></td> 
       <td valign="top">'.$_POST['contactnumber'].'</td> 
       <td>&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Email</span></td> 
       <td valign="top">'.$_POST['contactemail'].'</td> 
       <td>&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="35" colspan="3" align="center" valign="bottom"><span 
class="style7">Query</span></td> 
       <td colspan="2" rowspan="2" 
valign="middle">'.$_POST['contactquery'].'</td> 
      </tr> 
      <tr> 
       <td width="84" height="108" align="center" valign="middle"> 
<!--DWLayoutEmptyCell-->&nbsp;</td> 
       <td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->& 
nbsp;</td> 
       <td width="17">&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="17"></td> 
       <td></td> 
       <td></td> 
       <td></td> 
       <td></td> 
      </tr> 
      </table>'; 
$sBodyNew = '<style type="text/css"> 
<!-- 
.style { 
font-family: Arial; 
font-size: 12px; 
color: #4D241E; 
} 
body { 
background-image: url(); 
background-color: #F1EAE4; 
} 
.style1 {font-size: 14px} 
--> 
</style> 
<p>&nbsp;</p> 
<table width="420" border="0" align="center" cellpadding="0" cellspacing="5"> 
<tr> 
<td><table width="100%" border="0" cellpadding="8" cellspacing="0" bgcolor="#E7D3AF" 
class="style"> 
    <tr> 
    <td colspan="2" valign="top"><div align="center"><strong><span 
class="style1">Website Deal</span><br> 

&nbsp;.................................................................</strong><br> 
&nbsp;</div></td> 
    </tr> 
    <tr> 
    <td width="32%" valign="top"><div align="left"><strong>Date Submitted</strong> 
</div></td> 
    <td width="68%" valign="top">'. date("F j, Y, g:i a") .'</td> 
    </tr> 
    <tr> 
    <td valign="top"><div align="left"><strong>Name</strong></div></td> 
    <td valign="top">'.$_POST['contactname'].'</td> 
    </tr> 
    <tr> 
    <td valign="top"><div align="left"><strong>Contact Number</strong></div></td> 
    <td valign="top">'.$_POST['contactnumber'].'</td> 
    </tr> 
    <tr> 
    <td valign="top"><div align="left"><strong>Email</strong></div></td> 
    <td valign="top">'.$_POST['contactemail'].'</td> 
    </tr> 
    <tr> 
    <td valign="top"><div align="left"><strong>Query</strong></div></td> 
    <td valign="top">'.$_POST['contactquery'].'</td> 
    </tr> 
</table></td> 
</tr> 
</table> 
';    
$headers = "From: $from\r\n"; 
$headers .= "Content-type: text/html\r\n"; 
$success = mail($to, $subject, $sBodyNew, $headers);    
header('Location: http://www.domain.com/success.htm'); 
?> 

继承人这个是我加入到我的HTML表单：

<label> 
<input type="text" class="email" name="email" id="email" /> 
</label> 

而且继承人的HTML表单：

<form action="process_advertise.php" method="post" name="order" 
onSubmit="MM_validateForm('contactname','','R','contactnumber','','R','contactemail', 
'','RisEmail','validate','','R','contactquery','','R');return document.MM_returnValue"> 
      <input name="success" type="hidden" 
value=http://www.domain.com/success.htm> 
      <table width="465" border="0" cellspacing="0" cellpadding="0"> 
      <!--DWLayoutTable--> 
      <tr> 
       <td width="465" height="387" valign="top"><span class="style66">NAME: 
       <input name="contactname" type="text" id="contactname" /> 
       </span><br /> 
       <span class="style66">CONTACT NUMBER:</span> 
       <input name="contactnumber" type="text" id="contactnumber" /> 
       <br /> 
       <span class="style66">EMAIL: 
       <input name="contactemail" type="text" id="contactemail" /> 
                          </span><br /> 
       <span class="style66">QUERY:</span> 
           <textarea name="contactquery" cols="40" rows="8" 
id="contactquery"></textarea> 
           <br /> 
       <br /> 
       <input type="text" class="email" name="email" id="email" /> 
       <br /> 
       <br /> 
       <img src="picture.php" /><br /> 
       <span class="style57 style16"><em>Please enter character<br /> 
as listed above</em></span><br /> 
<input name="validate" type="text" id="validate" /> 
<br /> 
<input type="reset" name="button2" id="button2" value="Reset" /> 
<input type="submit" name="button" id="button" value="Submit" /></td> 
      </tr> 
      </table> 
</form> 

任何人都知道我在做什么错了？

============================================== ========================= 问题解决：

好吧，我已经测试了表单，现在它的工作！ 我不是它为什么不早点工作，但对于那些谁想要知道......我所有的编码有是正确的，除了我从我的处理PHP形式移除了这个代码：

$sbody = '<table width="420" height="135" border="0" align="center" 
cellpadding="0" cellspacing="0"> 
      <!--DWLayoutTable--> 
      <tr> 
       <td height="90" colspan="5"><div align="center">Reservation &amp; 
Enquiries Submission Form </div></td> 
      </tr> 
      <tr> 
       <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Full Name</span></td> 
       <td width="180" valign="top">'.$_POST['contactname'].'</td> 
       <td width="42">&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Contact number</span></td> 
       <td valign="top">'.$_POST['contactnumber'].'</td> 
       <td>&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="25" colspan="3" align="center" valign="middle"><span 
class="style7">Email</span></td> 
       <td valign="top">'.$_POST['contactemail'].'</td> 
       <td>&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="35" colspan="3" align="center" valign="bottom"><span 
class="style7">Query</span></td> 
       <td colspan="2" rowspan="2" 
valign="middle">'.$_POST['contactquery'].'</td> 
      </tr> 
      <tr> 
       <td width="84" height="108" align="center" valign="middle"> 
<!--DWLayoutEmptyCell-->&nbsp;</td> 
       <td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell-->& 
nbsp;</td> 
       <td width="17">&nbsp;</td> 
      </tr> 
      <tr> 
       <td height="17"></td> 
       <td></td> 
       <td></td> 
       <td></td> 
       <td></td> 
      </tr> 
      </table>'; 

此代码是greg0rie没有必要指出

Answer 1

代码注入的方式太多了。 你应该使用filter_var函数来最小化它。 为了验证电子邮件的使用（至少不只是）：

if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
{ 
    echo("E-mail is not valid"); 
}else{ 
    echo("E-mail is valid"); 
} 

代码的该行似乎是奇怪：

if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") { 

不会很容易这样？

if (!($image->validate_code($_POST['validate'])){