表单涉及把用户输入的字符写入数据库,极其容易被攻击、挂马!
1、前端进行验证拦截。(前端验证可以被绕过,只能改善用户体验,不能代替后端验证。)
2、数据提交到后端进行验证,先去除两侧空格,validate并不能检测出空格。
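// Normalise every field the validator will see, not only the e-mail address.
// The page notes that validate does not detect surrounding whitespace, so a
// value made up of spaces alone has to be reduced to '' before validation.
foreach (['first_name', 'last_name', 'email'] as $field) {
    $value = $data[$field] ?? '';

    // Request parameters can arrive as arrays instead of strings; trim() on a
    // non-string raises a TypeError on PHP 8, so such a value is treated as
    // empty rather than being passed through.
    $data[$field] = is_string($value) ? trim($value) : '';
}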
3、validate验证
这里的提示消息,手机端兼用
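use think\Validate;
use think\exception\ValidateException;

try {
    // Check the three submitted fields against the rules declared in
    // app\common\validate\Message; a failed rule raises ValidateException.
    $this->validate(
        [
            'first_name' => $data['first_name'],
            'last_name'  => $data['last_name'],
            'email'      => $data['email'],
        ],
        'app\common\validate\Message'
    );
} catch (ValidateException $e) {
    // Defensive: join the messages if a list is ever returned instead of a
    // single string, so the page never prints "Array".
    $error = $e->getError();
    $errorText = is_array($error) ? implode(' ', $error) : (string) $error;

    // The error text is written into an HTML page. It is escaped so that it
    // can never be interpreted as markup, even if a rule message is later
    // changed to include part of the submitted value.
    $safeMessage = htmlspecialchars($errorText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Full-viewport centred error panel, usable on mobile as well.
    // The link style previously read "colo:", which browsers ignore; it is
    // now "color:".
    echo "<div style='width:95vw;height:90vh;display:flex;align-items: center; justify-content: center;'>"
        . "<div style='text-align:center'>"
        . "<img src='/static/index/images/error.png' style='width:80px'>"
        . "<h1 style='font-size:2em;'>" . $safeMessage . "</h1><br>"
        . "<a href='javascript:window.history.go(-1);' style='font-size:1em;color:#1c6aba'>Back ></a>"
        . "</div></div>";

    // Stop here so nothing is stored when validation fails.
    die();
    // Alternative kept from the original: return alert($e->getError(),'/',6,3);
}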
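<?php

namespace app\common\validate;

use think\Validate;

/**
 * Validation rules for the contact/message form.
 *
 * Referenced by class name from the controller's validate() call. Each key of
 * $rule is a form field; each key of $message is "field.rule" and supplies the
 * text shown when that rule fails.
 */
class Message extends Validate
{
    // 'email' previously carried only the format rule, so the
    // 'email.require' message below could never be shown and an empty
    // address was accepted. The rule now matches the declared message.
    protected $rule = [
        'first_name' => 'require',
        'last_name'  => 'require',
        'email'      => 'require|email',
    ];

    // Messages are fixed English strings; they contain no submitted data.
    protected $message = [
        'first_name.require' => 'Please fill in the first name!',
        'last_name.require'  => 'Please fill in the last name!',
        'email.require'      => 'Please fill in the email!',
        // Shown when the address is present but not well-formed; without it
        // the framework's default wording would be used for this failure.
        'email.email'        => 'Please enter a valid email address!',
    ];
}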