我对脚本有一些问题,基本上我希望脚本做的是获取表单数据并发布到数据库(它做得很好)然后我希望它发送一封感谢邮件,这是有点不工作,它只是没有通过。同样从我所知道的,即使脚本无法执行脚本,脚本也会发送电子邮件,我该如何解决这个问题。
我对PHP很新,只是发现它能做什么,所以我非常感谢你的帮助。
<?php
error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
$name = $_POST['name'];
$email = $_POST['email'];
require_once('Connections/connection.php');
mysql_select_db($database_connection);
$query = "INSERT INTO mailing_list ( name, email)
VALUES ( '$name', '$email');";
mysql_query($query);
mysql_close();
if(IsInjected($visitor_email))
{
echo "Bad email value!";
exit;
}
$email_from = 'mailinglist@myemail.com';
$email_subject = "Welcome to our mailinglist";
$email_body = "
$name,
Welcome to our mailing list, we will now keep you updated on whats going on here.
To unsubscribe go to.".
$to = "$email";
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $email \r\n";
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.php');
// Function to validate against any email injection attempts
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
?>
答案 0 :(得分:0)
这是使用PDO重新编写的代码。我还删除了回复值,因为我不知道您可以使用用户电子邮件作为回复,电子邮件客户端可能会阻止它。
<?php
error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
$name = $_POST['name'];
$email = $_POST['email'];
//I recommend rewriting this to NOT use mysql_* functions and instead use PDO
//The documentation is located at http://www.php.net/manual/en/book.pdo.php
/*
require_once('Connections/connection.php');
mysql_select_db($database_connection);
*/
$host = 'host_name';
$dbname = 'database_name';
$user = 'user_name';
$pass = 'user_pass';
try
{
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
$query = "INSERT INTO mailing_list ( name, email) VALUES ( '?', '?');";
$sth = $DB->prepare($query);
//This way only a success will send an email
if($sth->execute(array($name, $email)))
{
if(IsInjected($email))
{
echo "Bad email value!";
exit;
}
$email_from = 'mailinglist@myemail.com';
$email_subject = "Welcome to our mailinglist";
$email_body = "
$name,
Welcome to our mailing list, we will now keep you updated on whats going on here.
To unsubscribe go to.".
$to = $email;
$headers = "From: $email_from \r\n";
//I don't know that you can use the to email as the reply-to,
//most emails will probably block that.
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.php');
}else{
echo "Failed to insert into database.";
exit;
}
// Function to validate against any email injection attempts
// Stole this from w3schools, because it is well done. link is at the bottom
function spamcheck($field)
{
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
$field=filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail
//address using FILTER_VALIDATE_EMAIL
if(filter_var($field, FILTER_VALIDATE_EMAIL))
{
return TRUE;
}
else
{
return FALSE;
}
}
?>
获得W3Schools的电子邮件清理功能: