0

我正在为用户发送电子邮件,我进行查询:

$consulta = mysql_query("SELECT * FROM users WHERE email = '$emailDestinatario'");
if($consulta === FALSE) {
(header('Location: http://l2prime.org/index.php?login=success') xor die(mysql_error()));
}    while($row = mysql_fetch_array($consulta))
{
    $username = $row['username'];
}
}

然后我有 $body ,它是电子邮件正文消息的变量:

$body = '
<html>
<head>
<title>Recuperação de password.</title>
</head>
<body>
<h3>Dear <?php echo $username?>,</h3>
<p>
<b>Some text here.</b>
</p>
</body>
</html>
';

那是<?php echo $username?>行不通的,电子邮件到达“亲爱的”,根本没有用户名。有人可以帮我解决这个问题吗?

先感谢您。

最好的问候,马塞洛

4

3 回答 3

2

我认为它很明显

$body = '
<html>
<head>
<title>Recuperação de password.</title>
</head>
<body>
<h3>Dear '.$username.',</h3>
<p>
<b>Some text here.</b>
</p>
</body>
</html>
';

你也可以有这样的东西:

$body = '
<html>
<head>
<title>Recuperação de password.</title>
</head>
<body>
<h3>Dear VARIABLE_USERNAME,</h3>
<p>
<b>Some text here.
Regards,
VARIABLE_SITE_NAME
</b>
</p>
</body>
</html>
';

然后您可以将 VARIABLE_USERNAME 和 VARIABLE_SITE_NAME 以及其他 VARIABLE_XXXXXX 替换为适当的值:

$body = str_replace("VARIABLE_USERNAME",$username,$body);
$body = str_replace("VARIABLE_SITE_NAME",$site_name,$body);
于 2013-06-26T17:20:27.790 回答
0

您不需要<?php在脚本中再次出现。它应该是:

$body = '
<html>
<head>
<title>Recuperação de password.</title>
</head>
<body>
<h3>Dear '. strip_tags($username) .',</h3>
<p>
<b>Some text here.</b>
</p>
</body>
</html>
';

因此,如果$username = "foo";,它将输出:

Dear foo,

Some text here.

strip_tags 函数将从给定的字符串中去除 HTML / PHP 标签。它更安全

于 2013-06-26T17:35:54.910 回答
0

您可以使用<<<EOF:

$body = <<<EOF
Something Something {$var} Something Something
Something Something 
Something Something Something {$var2}
EOF;

PS 为什么每个人都对这里的 SQL 注入如此担心?他只是想发送一封电子邮件,而不是查询数据库..

于 2013-06-26T21:46:15.567 回答