所以我有一个名为unsubscribe_process的页面,当给出一个url查询时,例如www.example.com/unsubscribe_process.php?passkey=123,然后使用mysqli查找并删除该成员。
我遇到的问题是我的unsubscribe.php页面。它包括一个表单,允许用户输入他们的电子邮件。将提交表单,然后向用户发送一封电子邮件,链接unsubscribe_process.php页面以及该用户的特定查询和密钥。然后希望用户检查他们的电子邮件并单击链接,然后unsubscribe_process页面将从数据库中删除它们。
回到subscribe.php页面,它在任何地方都没有DELETE slqi函数,但是在提交表单后用户会以某种方式被删除。它似乎在subscribe.php中执行www.example.com/unsubscribe_process.php?passkey=123,用户无需在电子邮件中点击它。
以下是用户提交电子邮件后执行的功能:
function sendEmail() {
//enter details into db automatically
$con = @require './../dbcon.php';
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
$email = mysqli_real_escape_string($dbConnection, $_POST['email']);
$atIndex = strrpos($email, "@");
$emailindex = substr($email, 0, $atIndex);
if ($email=='')
{
echo "<p>No Username has been specified. Please <a href=http://www.example.com/unsubscribe.php> try again.</a></p>";
}
//check if username exists in database
$result = mysqli_query($DB,"SELECT * FROM members WHERE user='". $emailindex ."'") or die(mysql_error());
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_array($result);
$passkey = $row['confirmcode'];
//if password is set then erase password and send an email to user to update details/create new password.
if ($row['paid'] ==1){
$to=$email;
$subject="Unsubscribe";
$header="from: webmaster@example.com";
$message.="You can now unsubscribe yourself in one click with the following link: \r\n";
$message.="http://www.example.com/unsubscribe_process.php?passkey=$passkey\r\n\r\n";
$sentmail = mail($to,$subject,$message,$header);
if($sentmail){
echo "</br><p class='maintextSubmit' align='center'> Please check your email to complete the process.</p>";
}
else echo "</br><p class='maintextError' align='center'> An error occurred. Please try again.</p>";
}
mysqli_close($DB);
}
}
}
SO:发送电子邮件时,php会为我执行链接吗?这实际上是subscribe.php页面上任何地方对unsubscribe_process.php页面的唯一引用。为什么在发送电子邮件时会执行unsubscribe_process.php?passkey = $ passkey?如何防止这种情况发生(仅当通过电子邮件点击链接时)?我错过了什么吗?