0

我的脚本有一些问题,基本上我希望脚本做的是获取表单数据并发布到数据库(它做得很好)然后我希望它发送一封感谢电子邮件,这就是'不工作,它只是没有通过。另外据我所知,即使脚本无法执行脚本,脚本也会发送电子邮件,我该如何解决这个问题。

我对 PHP 还很陌生,只是发现它可以做什么,所以我非常感谢你的帮助。

<?php 

error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);

$name = $_POST['name'];
$email = $_POST['email'];


require_once('Connections/connection.php');
mysql_select_db($database_connection);

$query = "INSERT INTO mailing_list ( name, email)
        VALUES ( '$name', '$email');";
mysql_query($query);

mysql_close();

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

 $email_from = 'mailinglist@myemail.com';
    $email_subject = "Welcome to our mailinglist";
    $email_body = "
$name,

Welcome to our mailing list, we will now keep you updated on whats going on here.

To unsubscribe go to.".


  $to = "$email";
  $headers = "From: $email_from \r\n";
  $headers .= "Reply-To: $email \r\n";
  mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.php');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}


 ?>
4

1 回答 1

0

这是您使用 PDO 重新编写的代码。我还删除了回复值,因为我不知道您可以使用用户电子邮件作为回复,电子邮件客户端可能会阻止它。

<?php 

error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);

$name = $_POST['name'];
$email = $_POST['email'];

//I recommend rewriting this to NOT use mysql_* functions and instead use PDO
//The documentation is located at http://www.php.net/manual/en/book.pdo.php
/*
require_once('Connections/connection.php');
mysql_select_db($database_connection);
*/
$host = 'host_name';
$dbname = 'database_name';
$user = 'user_name';
$pass = 'user_pass';
try
{
    $DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); 
}
catch(PDOException $e)
{  
    echo $e->getMessage();  
}

$query = "INSERT INTO mailing_list ( name, email) VALUES ( '?', '?');";

$sth = $DB->prepare($query);

//This way only a success will send an email
if($sth->execute(array($name, $email)))
{
    if(IsInjected($email))
    {
        echo "Bad email value!";
        exit;
    }

    $email_from = 'mailinglist@myemail.com';
    $email_subject = "Welcome to our mailinglist";
    $email_body = "
    $name,

    Welcome to our mailing list, we will now keep you updated on whats going on here.

    To unsubscribe go to.".


    $to = $email;
    $headers = "From: $email_from \r\n";
    //I don't know that you can use the to email as the reply-to,
    //most emails will probably block that.
    mail($to,$email_subject,$email_body,$headers);
    //done. redirect to thank-you page.
    header('Location: thank-you.php');
}else{
    echo "Failed to insert into database.";
    exit;
}



// Function to validate against any email injection attempts
// Stole this from w3schools, because it is well done. link is at the bottom
    function spamcheck($field)
    {
        //filter_var() sanitizes the e-mail
        //address using FILTER_SANITIZE_EMAIL
        $field=filter_var($field, FILTER_SANITIZE_EMAIL);

        //filter_var() validates the e-mail
        //address using FILTER_VALIDATE_EMAIL
        if(filter_var($field, FILTER_VALIDATE_EMAIL))
        {
            return TRUE;
        }
        else
        {
            return FALSE;
        }
    }

 ?>

从 W3Schools 获得邮件清理功能:

http://www.w3schools.com/php/php_secure_mail.asp

于 2012-10-30T16:15:44.917 回答