PHP sends the email twice and doesn't upload the image correctly :/

Time: 2013-04-21 20:28:33

Tags: php

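I've been designing a website and everything was working fine until I started adding some extras so that it would work exactly the way I wanted.

This is a script for a website to upload a title, description, person's name, picture, email address and password for their online ad. However, it no longer wants to name the image properly, and it sends the email twice: once in the instance where there may be an image, and then straight away in the instance where someone may not have uploaded an image. But it is reading it as if it does both, because there was an error uploading the file.

By the way, this is the first PHP script I've created, so it looks awful because I cobbled it together from different things I found online :)

P.S. The page where the magic happens is www.afterswap.com/give.php

P.P.S. I have a global config file that sets up all the database connection info etc., which is why it isn't here.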

<?PHP
include("inc/header.php");
foreach ($_POST as $key => $val)
    $_POST[$key] = mysqli_real_escape_string($con, $val);
$back = "<a href='give.php'>Click Here To Go Back And Try Again</a>";
if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) {
    $title          = mysqli_real_escape_string($title123);
    $title123       = mysqli_real_escape_string($_POST['title']);
    $description    = mysqli_real_escape_string($description123);
    $description123 = mysqli_real_escape_string($_POST['description']);
    $Sell_by        = $_POST['Sell_by'];
    $name           = mysqli_real_escape_string($name123);
    $name123        = mysqli_real_escape_string($_POST['name']);
    $email          = $_POST['email'];
    $password       = $_POST['password'];
    $imagename      = basename($_FILES['userfile']['name']);
    $uploadedfile   = $_FILES['userfile']['tmp_name'];
    if (empty($imagename)) {
        $error = 1;
        echo "<h2 class='error'>The name of the image was not found.</h2>" . $back;
    }

    if ($error != 1 && $noimg != 1) {

        $filename  = stripslashes($_FILES['userfile']['name']);
        $extension = substr(strrchr($filename, '.'), 1);
        $extension = strtolower($extension);
    }

    if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
        echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>' . $back . '';
        $errors = 1;
    } else {

        $time     = time();
        $newimage = "/photos/" . $time . $imagename;
        $result   = move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage);
        if (empty($result)) {
            $error = 1;
            echo "<h2 class='error'>There was an error uploading your image.</h2><br/>" . $back . "";
        }


        $date  = date("Y/m/d H:i:s");
        $query = "INSERT INTO classifieds (adid, title, description, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$Sell_by', '$name123', '$email', '$password', '$newimage', '$date', '0', '0')";
        mysqli_query($query) or die(mysqli_error());

        $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
        $query2 = mysqli_query($pullback) or die(mysqli_error());
        while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
            $newid = $row['adid'];
            $pass  = $row['pass'];
        }

        $url = "http://";
        $url .= getenv("HTTP_HOST");
        $Name      = "AfterSwap";
        $emailf    = "noreply@afterswap.com";
        $recipient = $email;
        $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
        $subject   = "AfterSwap Ad Details";
        $headers   = "From: " . $Name . " <" . $emailf . ">\r\n";
        $headers .= "Content-type: text/html\r\n";

        mail($recipient, $subject, $mail_body, $headers);

        echo "<div align='justify'><div class='success'>Your listing '" . $name123 . "' Has Been Submitted Successfully! <br/><br/>Please take note: Your listing will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";

    }
} elseif (isset($_POST['upload'])) {
    $title          = mysqli_real_escape_string($title123);
    $title123       = mysqli_real_escape_string($_POST['title']);
    $description    = mysqli_real_escape_string($description123);
    $description123 = mysqli_real_escape_string($_POST['description']);
    $Sell_by        = $_POST['Sell_by'];
    $name           = mysqli_real_escape_string($name123);
    $name123        = mysqli_real_escape_string($_POST['name']);
    $email          = $_POST['email'];
    $password       = $_POST['password'];
    $date           = date("Y/m/d H:i:s");
    $query          = "INSERT INTO classifieds (adid, title, description, cat, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$category', '$Sell_by', '$name123', '$email', '$password', 'images/noimage.jpg', '$date', '0', '0')";
    mysqli_query($query) or die(mysqli_error());

    $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
    $query2 = mysqli_query($pullback) or die(mysqli_error());
    while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
        $newid = $row['adid'];
        $pass  = $row['pass'];
    }


    $url = "http://";
    $url .= getenv("HTTP_HOST");
    $Name      = "AfterSwap";
    $emailf    = "noreply@afterswap.com";
    $recipient = $email;
    $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
    $subject   = "AfterSwap Ad Details";
    $headers   = "From: " . $Name . " <" . $emailf . ">\r\n";
    $headers .= "Content-type: text/html\r\n";

    mail($recipient, $subject, $mail_body, $headers);

    echo "<div align='justify'><div class='success'>Thank you " . $name123 . ", your listing has been submitted successfully! <br/><br/>Please take note: Your isting will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";

} else {
?>

/* HTML Form here */

<?PHP } ?>

2 answers:

Answer 0: (score: 1)

Try this

Change this line

} elseif (isset($_POST['upload'])) {

to

} elseif (isset ( $_POST ['upload'] ) && empty($_FILES)) {

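Answer 1: (score: 0)

The only thing I can think of is that the if, elseif, or else is being passed twice because the condition is met twice. You may want to revise your code with better indentation and check when the elseif, if, and else blocks are passed. Also, it's a good idea to take the advice of the two people who commented on your post; MYSQLI is a great way to go! One more thing: you should never pass $_POST unsanitized! Here is a simple, easy sanitization script!

MySQLi: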

foreach($_POST as $key=>$val)
$_POST[$key] = mysqli_real_escape_string($con, $val);


MySQL:

foreach($_POST as $key=>$val)
$_POST[$key] = mysql_real_escape_string($val, $con); // string first, then the link identifier
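
An added example, not part of either answer or of the poster's script: one way to handle the submission in a single branch, so that exactly one mail is sent whether or not a picture was attached. It uses the upload error code, a content-based type check, a server-generated file name and bound parameters instead of escaping $_POST. It assumes $con is an open mysqli connection, PHP 7 or later, an https origin, and a hypothetical `token` column plus a `token` parameter accepted by approve.php.

```php
<?php
// Added example (not the poster's code). Assumes $con is an open mysqli
// connection and that classifieds has a hypothetical `token` column.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const PHOTO_DIR = __DIR__ . '/photos';          // assumed upload directory
const ALLOWED   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Returns the stored picture path, or null when the upload must be rejected.
function store_picture(array $file): ?string
{
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return 'images/noimage.jpg';            // form sent without a picture
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Decide the type from the file contents, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        return null;
    }
    // Server-generated name: nothing from the client reaches the filesystem path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], PHOTO_DIR . '/' . $name)
        ? 'photos/' . $name : null;
}

if (isset($_POST['upload'])) {
    $picture = store_picture($_FILES['userfile'] ?? ['error' => UPLOAD_ERR_NO_FILE]);
    $email   = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($picture === null || $email === false) {
        exit('Invalid image or email address.'); // stop here: no insert, no mail
    }
    $token = bin2hex(random_bytes(32));          // goes in the links instead of the password
    $hash  = password_hash($_POST['password'] ?? '', PASSWORD_DEFAULT);
    // Bound parameters replace the blanket escaping of $_POST.
    $stmt = mysqli_prepare($con, 'INSERT INTO classifieds
        (title, description, Sell_by, name, email, password, picture, date, views, authorized, token)
        VALUES (?, ?, ?, ?, ?, ?, ?, NOW(), 0, 0, ?)');
    mysqli_stmt_bind_param($stmt, 'ssssssss', $_POST['title'], $_POST['description'],
        $_POST['Sell_by'], $_POST['name'], $email, $hash, $picture, $token);
    mysqli_stmt_execute($stmt);
    $newid = mysqli_insert_id($con);             // no SELECT by title and email needed
    $base = 'https://www.afterswap.com';         // fixed origin, not the Host header
    $body = "Approve your listing: $base/approve.php?id=$newid&token=$token";
    mail($email, 'AfterSwap Ad Details', $body, "From: AfterSwap <noreply@afterswap.com>\r\n");
}
```

Because FILTER_VALIDATE_EMAIL rejects CR and LF, the recipient value cannot add extra mail headers.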