diff --git a/application/api/controller/Sms.php b/application/api/controller/Sms.php
index 10a5421bcef59258fd15110804f81eaabba9fd53..e42a7a3aec2d04eba1af5cfdb096a9d64ef41b8f 100644
--- a/application/api/controller/Sms.php
+++ b/application/api/controller/Sms.php
@@ -52,6 +52,9 @@ class Sms extends Api
 if (!$mobile || !\think\Validate::regex($mobile, "^1\d{10}$")) {
 $this->error(__('手机号不正确'));
 }
+ if (!preg_match("/^[a-z0-9_\-]{3,30}\$/i", $event)) {
+ $this->error(__('事件名称错误'));
+ }
 $last = Smslib::get($mobile, $event);
 if ($last && time() - $last['createtime'] < 60) {
 $this->error(__('发送频繁'));
@@ -102,6 +105,13 @@ class Sms extends Api
 if (!$mobile || !\think\Validate::regex($mobile, "^1\d{10}$")) {
 $this->error(__('手机号不正确'));
 }
+ if (!preg_match("/^[a-z0-9_\-]{3,30}\$/i", $event)) {
+ $this->error(__('事件名称错误'));
+ }
+ if (!preg_match("/^[a-z0-9]{4,6}\$/i", $captcha)) {
+ $this->error(__('验证码格式错误'));
+ }
+
 if ($event) {
 $userinfo = User::getByMobile($mobile);
 if ($event == 'register' && $userinfo) {
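Review bot: The added event check anchors its pattern with `$` and no `D` modifier, so PCRE also accepts a value that ends in one trailing newline, and that value is then passed to `Smslib::get($mobile, $event)` on the following context line. Anchoring with `\z` makes the allowlist exact: `if (!is_string($event) || !preg_match('/^[a-z0-9_\-]{3,30}\z/i', $event)) {`. The `is_string` test is a suggestion only if `$event` can arrive as an array from the request, which cannot be told from here because its assignment is outside the hunk. The same anchor applies to the event and captcha patterns added in the second hunk (`@@ -102,6 +105,13 @@`). The enclosing method starts before and continues past this hunk.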
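Review bot: The `if ($event)` guard on the context line right after the added checks can no longer be false, because the new event pattern only passes values of 3 to 30 characters. If no default is assigned to `$event` before this hunk (not visible here), a request that previously omitted the event and skipped the user lookup is now rejected with the event-name error, which changes what callers of this endpoint may send. Either remove the guard or record the intent above the new check, for example `// $event is required and validated here, so the if ($event) guard below always holds`. The method body begins before and runs past the hunk.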