我想向用户发送一封确认他的电子邮件并更新他的状态以在我的MySQL数据库中完成

时间:2016-01-25 03:49:18

标签: php mysql mysqli

这是我的PHP脚本,用于告知用户,我刚刚更改了状态,他可以从我的网站上打印出他的卡片,这似乎没有邮寄给我的客户,只是更新了表格。 MySQL连接字符串已经被隐藏了。

<?php
  session_start();

  $con=mysqli_connect(*);

  // Check connection

  if (mysqli_connect_errno()){
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }


  if(isset($_POST['Request']))
  {
    $result=mysqli_query($con,"SELECT req_date,Name,Mobile,Email FROM pend WHERE Mobile LIKE '" . mysql_escape_string($_POST['Mobile']) . "'; ");
    $row =mysqli_fetch_array($result,MYSQLI_BOTH);
    $Mmobile = $row['Mobile'];
    $email=$row['Email'];
    $name=$row['Name'];
    $req=$row['req_date'];

    if($Mobile == $Mmobile) {
      $message = '<html><body>';
      $message .= '<img src="http://www.mbdr.ml/admin/logo.jpg" alt="Blood Recieved" />';
      $message .= '<table rules="all" style="border-color: #666;" cellpadding="10">';
      $message .= "<tr style='background: #eee;'><td><strong>Name:</strong> </td><td>" . strip_tags($_POST['Name']) . "</td></tr>";
      $message .= "<tr><td><strong>Mobile:</strong> </td><td>" . strip_tags($_POST['Mobile']) . "</td></tr>";
      $message .= "<tr><td><strong>Blood Group:</strong> </td><td>" . strip_tags($_POST['Bld_grp']) . "</td></tr>";
      $message .= "<tr><td><strong>Date Requested:</strong> </td><td>" . $_POST['req_Date'] . "</td></tr>";
      $message .= "</table>";
      $message .= "<a href='http://www.mbdr.ml/lel/lol.php'> Get Your Card After Logging in From Here </a>";
      $message .= "</body></html>";
      //   CHANGE THE BELOW VARIABLES TO YOUR NEEDS
      $to = strip_tags($_POST['Email']);
      $subject = 'Blood Donor Card';
      $headers = "From: " . $cleanedFrom . "\r\n";
      $headers .= "Reply-To: ". strip_tags($_POST['Email']) . "\r\n";
      $headers .= "MIME-Version: 1.0\r\n";
      $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

      if (mail($to, $subject, $message, $headers)) {
        echo 'Your message has been sent.';
      } 
      else {
        echo 'There was a problem sending the email.';
      }
    } 
    else {
      echo "You didn't enter the correct details!";
    }
    $query=mysqli_query($con,"UPDATE pend SET status='complete' WHERE Mobile LIKE '" . mysql_escape_string($_POST['Mobile']) . "'; ");

    if (!$query) {
      printf("Error: %s\n", mysqli_error($con));
      exit();
    }
    $row =mysqli_fetch_array($query,MYSQLI_BOTH);
    $Mmobile = $row['Mobile'];

    if($Mobile == $Mmobile) {
      header("Location:http://www.mbdr.ml/admin/adminpage.php");
    } else {
      echo "You didn't enter the correct details!";
    }
    mysqli_close($con);
  }

>

1 个答案:

答案 0 :(得分:0)

重新写行

$result=mysqli_query($con,"SELECT req_date,Name,Mobile,Email FROM pend WHERE Mobile LIKE '" . mysqli_real_escape_string($con,$_POST['Mobile']) . "'; ");

作为

mysql_escape_string

并将每mysqli_real_escape_string更改为mysqli_real_escape_string

注意:element.inventDimSetupObject().modifyQuery(inventSum_DS,inventDim_DS, InventLookupView_ds); 需要2个参数

相关问题
最新问题