我遇到此代码的电子邮件部分的问题。 当我提交记录时,它说插入成功插入,但对于电子邮件,我得到通知:数组到字符串转换,它不想发送订购产品的电子邮件到输入的电子邮件。我无法弄清楚问题是什么。我将继续尝试不同的方法。
process_insert.php
<html>
<head>
<title></title>
</head>
<body>
<?php
ini_set('display_errors', 1);
error_reporting(~0);
$serverName = "localhost";
$userName = "root";
$userPassword = "";
$dbName = "blog_samples";
$conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);
$rows_count = count($_POST["name"]);
for($i=0;$i<$rows_count;$i++){
// PREVENTING SQL INJECTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$employee_name = mysqli_real_escape_string($conn,$_POST["employee_name"][$i]);
$name = mysqli_real_escape_string($conn,$_POST["name"][$i]);
$code = mysqli_real_escape_string($conn,$_POST["code"][$i]);
$quantity = intval($_POST["quantity"][$i]);
$price = mysqli_real_escape_string($conn,$_POST["price"][$i]);
$sql = "INSERT INTO order_table ( employee_name, name, code, quantity, price)
VALUES ('$employee_name', '$name', '$code', '$quantity', '$price')";
$query = mysqli_query($conn,$sql);
}
if(mysqli_affected_rows($conn)>0) {
echo "Record add successfully";
}
$to = "test123@gmail.com";
$subject = "Supplies";
$headers = "From: user@gmail.com";
$message =
"employee_name: " . $_POST['employee_name'] . "
" ."name: ". $_POST['name'] ."
". "code: " . $_POST['code'] . "
" ."quantity: ". $_POST['quantity'] . "
". "price: " . $_POST['price'] . "";
mail($to,$subject,$message,$headers);
?>
</body>
</html>
答案 0 :(得分:1)
您必须将您的电子邮件代码放在循环中,如下所示: -
<html>
<head>
<title></title>
</head>
<body>
<?php
ini_set('display_errors', 1);
error_reporting(~0);
$serverName = "localhost";
$userName = "root";
$userPassword = "";
$dbName = "blog_samples";
$conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);
$rows_count = count($_POST["name"]);
for($i=0;$i<$rows_count;$i++){
// PREVENTING SQL INJECTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$employee_name = mysqli_real_escape_string($conn,$_POST["employee_name"][$i]);
$name = mysqli_real_escape_string($conn,$_POST["name"][$i]);
$code = mysqli_real_escape_string($conn,$_POST["code"][$i]);
$quantity = intval($_POST["quantity"][$i]);
$price = mysqli_real_escape_string($conn,$_POST["price"][$i]);
$sql = "INSERT INTO order_table ( employee_name, name, code, quantity, price)
VALUES ('$employee_name', '$name', '$code', '$quantity', '$price')";
$query = mysqli_query($conn,$sql);
if(mysqli_affected_rows($conn)>0) {
echo "Record add successfully";
$to = "test123@gmail.com";
$subject = "Supplies";
$headers = "From: user@gmail.com";
$message =
"employee_name: " . $employee_name . "
" ."name: ". $name ."
". "code: " . $code . "
" ."quantity: ". $quantity . "
". "price: " . $price . "";
mail($to,$subject,$message,$headers);
}
}
?>
</body>
</html>
注意: - 您的代码容易受到SQL INJECTION的攻击。使用prepared statements作为评论