只有輸入實際地址而不是使用$ usr_email時,我的電子郵件纔會發送,儘管它表示「發送了消息」。電子郵件地址來自users表中的user_email字段。 這是用 定義的$ id = intval($ _ SESSION ['user_id']);電子郵件不會根據變量名發送
if (isset($_POST['doSend'])) {
function getTwo($query){
$res = mysql_query($query);
if (!$res) {
trigger_error("db: ".mysql_error()." in ".$query);
return FALSE;
}
if ($row = mysql_fetch_row($res)) {
return $row[0];
}
}
$getuserinfo_q = "SELECT user_email AND user_name FROM users WHERE
id='$_SESSION[user_id]'";
$getuserinfo_e=mysql_query($getuserinfo_q);
if(mysql_num_rows($getuserinfo_e) < 1){
echo "User details not found - User_id is not in DB";
exit();
}
$user_info_val=mysql_fetch_assoc($getuserinfo_e);
if(empty($user_info_val['user_email'])){
echo "there is no such column name as 'user_email'"; //tell the user about column
exit(); //shut off the script
}
$usr_email=$user_info_val['user_email'];
$user_name=$user_info_val['user_name'];
$sqltest = "SELECT completed_status From users where id =
'$_SESSION[user_id]'";
$isSending = getTwo($sqltest);
$isSending === false;
if($isSending >= 6){
require_once "Mail.php";
require_once "Mail.php";
$from = "<xxx>";
$to = "$usr_email";
$subject = "hi";
$body ="Chi ";
$host = "ssl://smtp.gmail.com";
$port = "465";
$username = "xxx";
$password = "xxxx";
$headers = array ('From' => $from,
'To' => $to,
'Subject' => $subject);
$smtp = Mail::factory('smtp',
array ('host' => $host,
'port' => $port,
'auth' => true,
'username' => $username,
'password' => $password));
$mail = $smtp->send($to, $headers, $body);
if (PEAR::isError($mail)) {
echo("<p>" . $mail->getMessage() . "</p>");
} else {
echo("<p>Message successfully sent!</p>");
}
}
else
header ("Location: error.php");
}
你知道這是你可以用mysql做的最溫暖的事情嗎?從user_email ='$ usr_email'或user_name ='$ user_name'的用戶中選擇count(*)作爲總數。小提示:sql注入 – eav 2012-04-19 09:38:37
你試過回顯'$ data ['usr_email'];'? – 2012-04-19 09:38:45
而且你也容易受到SQL注入的影響。 – 2012-04-19 09:39:38