2014-01-21 08:46
浏览 57

jQuery Ajax表单发布到PHP空白信息

I'm using the following jQuery and PHP where people fill in a form, jQuery then goes through the fields, validates there is content and if everything is filled in correctly it will send to PHP which then formats the email and sends.

The problem is when I am trialing it, it works fine but I have received emails with the line headings such as Name: and Email: etc but the user input content is blank.

Could it be possible that search engines are crawling the site and come across the PHP file and this is why it sends blank data?


    var arr = [];
    $('.form input').each(function(index, element) {
        var i = $(this).prop('id');
        var v = $(this).val();
        var obj = {key: i, val: v};
    arr.push({key:"subject", val: $('.subject .active').text()});
    arr.push({key:"comments", val: $('#comments').val()});
    var param = {};
    $.each(arr, function() {
        param[this.key] = this.val;
    var sValid;
    var isValid = !$('#name, #company, #tel, #comments').filter(function() {return !this.value;}).length;
    var eValid = validateEmail($('#email').val());
    if ($('.subject span').hasClass("active")) {
        sValid = true;
    } else {
        sValid = false;
    if (isValid && sValid && eValid){
            type: "POST",
            url: "/assets/inc/contact.php",
            data: param,
            dataType: "json",
            success: function(data) {
                $('.form span').removeClass('active');
                if (data.sent == 1){
                    $('.form-response h1').text('Form is sent! We\'ll be in touch soon');
                } else {
                    $('.form-response h1').text('Form not sent! Please check all fields are filled in.');
                $('.form input, .form textarea').val('');
                $('.form label').css({'opacity':1, 'display':'block'});
                $('.form span').removeClass('active');
    } else {
        $('.form-response h1').text('Form not sent! Please check all fields are filled in.');


$name       = $_POST['name'];
$email      = $_POST['email'];
$company    = $_POST['company'];
$tel        = $_POST['tel'];
$subject    = $_POST['subject'];
$comments   = $_POST['comments'];

$to      = '';
$subject = $subject;
$message = '
Name: '.$name.'<br>
Email: '.$email.'<br>
Company: '.$company.'<br>
Tel: '.$tel.'<br><br><hr><br><br>
Comments: '.$comments.'<br>
$headers = 'From:' . "
" .
    'X-Mailer: PHP/' . phpversion();
$headers .= 'Content-Type: text/html; charset=utf-8';

// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "
$headers .= 'Content-type: text/html; charset=utf-8' . "

// Additional headers
$headers .= 'From: '.$name.' <'.$email.'>' . "

$sent = mail($to, $subject, $message, $headers);

    $sent = 1;
} else {
    $sent = 0;
$post_data = json_encode(array('sent' => $sent));
echo $post_data;
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

6条回答 默认 最新

  • douyao2529 2014-01-21 09:43

    I found that going directly to the .php file which executes the above would send the file. I think that it was crawled or someone looked at my code directly and checked out the PHP file.

    I have taken car of it by wrapping my PHP with the following

    if (!empty($name) and !empty($email) and !empty($company) and !empty($tel) and !empty($subject) and !empty($comments)) {
        // my code to send the form
    } else {
        $post_data = json_encode(array('sent' => 'no'));
        echo $post_data;    
    点赞 评论
  • duanqiu2064 2014-01-21 08:53

    I would suggest you check your access logs and compare the timing. But I doubt this is the case.

    I also noticed you don't make any checks on the server side. Fix that and you can see if u r getting empty string from the jQuery. At least it will point to the direction of the problem.

    点赞 评论
  • drudmb2594 2014-01-21 08:56
    1. First you should add some CAPTCHA in the form.

    2. Make sure your validations are properly working

    3. In you PHP code you should add some condition whether data has been posted or not like

      if(count($_POST)){   // or if(isset($_POST['sub'])) //  some parameter
        // all code in between
    4. Add some validation in server side code that is PHP code. Like if name or email is empty then do not send email but send an error back to user

    点赞 评论
  • du6333137 2014-01-21 09:28

    Captcha is probably more safe but it raises the threshold for most users to fill out a form. If that is a problem, you can try a honeypot strategy for your server side validation.

    You can do it by adding a checkbox to the form and hide it with css. If it is checked you can almost be certain it wasn't a human that filled out the form. It is less intrusive for users because they aren't confronted with more fields than they should.

    Als have a look at your $_POST data. You are excepting the user's input without having a look at it first. You can (and should) 'guide' the user to valid data at the front end but more importantly should always validate it at the server side.

    点赞 评论
  • duanche4578 2014-01-21 11:04

    use JQuery for sending data to PHP

        if(check_flag == 0){$.post('PHP/common.php?action=newempcontact', 
                                        name: name,
                                        email: email,
                                        company: company,
                                        tel: tel,       
                                        subject: subject,
                                        comment: comment,       
                        $('html, body').animate({ scrollTop: 0 },'slow');
    点赞 评论
  • donglei_0507 2014-01-21 11:24






    if(mail($to, $subject, $message, $headers))
    点赞 评论

相关推荐 更多相似问题