-1
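I wrote a PHP script that saves data to the database and emails the user's details to the client, with the user attaching a file (such as a resume). Below is the code that saves the data to the database and sends the form fields by email to the client. Can anyone help me attach the file when sending the mail? How do I attach a file to an email using PHP?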
<?php
include_once "dbconnection.php";
if(isset($_FILES['file']['name'])){
// end() takes its argument by reference, so it needs a variable.
$parts = explode('.', $_FILES['file']['name']);
$ext = end($parts);
$target = "careers";
$il = $_FILES['file']['name'];
$target = $target . $_FILES['file']['name'];
if(move_uploaded_file($_FILES['file']['tmp_name'], $target))
{
}
else
{
}
}
if(isset($_POST["role"])){
$role=$_POST["role"];} else {$role="";}
if(isset($_POST["fname"])){
$fname=$_POST["fname"];} else {$fname="";}
if(isset($_POST["lname"])){
$lname=$_POST["lname"];} else {$lname="";}
if(isset($_POST["city"])){
$city=$_POST["city"];} else {$city="";}
if(isset($_POST["email"])){
$email=$_POST["email"];} else {$email="";}
if(isset($_POST["cntctno"])){
$cntctno=$_POST["cntctno"];} else {$cntctno="";}
if(isset($_POST["basicqualific"])){
$basicqualific=$_POST["basicqualific"];} else {$basicqualific="";}
if(isset($_POST["postqualific"])){
$postqualific=$_POST["postqualific"];} else {$postqualific="";}
if(isset($_POST["resumeheadline"])){
$resumeheadline=$_POST["resumeheadline"];} else {$resumeheadline="";}
if(isset($_POST["expyears"])){
$expyears=$_POST["expyears"];} else {$expyears="";}
if(isset($_POST["expmonths"])){
$expmonths=$_POST["expmonths"];} else {$expmonths="";}
if(isset($_POST["currsalary"])){
$currsalary=$_POST["currsalary"];} else {$currsalary="";}
if(isset($_POST["expsalary"])){
$expsalary=$_POST["expsalary"];} else {$expsalary="";}
if(isset($_POST["curremploy"])){
$curremploy=$_POST["curremploy"];} else {$curremploy="";}
if(isset($_POST["jobtitle"])){
$jobtitle=$_POST["jobtitle"];} else {$jobtitle="";}
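if(isset($_POST["preflocation"])){
$preflocation=$_POST["preflocation"];} else {$preflocation="";}
// $service is used in the mail body below but was never set.
if(isset($_POST["service"])){
$service=$_POST["service"];} else {$service="";}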
if(isset($_FILES["file"])){
$file=$target;} else {echo "not set";}
$sql="INSERT INTO careers (role, fname, lname, city, email, cntctno, basicqualific, postqualific, resumeheadline, expyears, expmonths, currsalary, expsalary, curremploy, jobtitle, preflocation, image)
VALUES ('$role', '$fname', '$lname', '$city', '$email', '$cntctno', '$basicqualific', '$postqualific', '$resumeheadline', '$expyears', '$expmonths', '$currsalary', '$expsalary', '$curremploy', '$jobtitle', '$preflocation', '$il')";
$to = "[email protected]";
$subject = "Contact mail through website from ".$fname." ".$lname;
$from = "[email protected]";
$message =
"
Role: ".$role.
"
Name: ".$fname." ".$lname.
"
Email: ". $email.
"
Phone: ".$cntctno.
"
City: ".$city.
"
Service: ".$service.
"
Basic Qualification: ".$basicqualific.
"
Post Qualification: ".$postqualific.
"
Resume Headline: ".$resumeheadline.
"
Experience in years: ".$expyears.
"
Experience in months: ".$expmonths.
"
Current Salary:".$currsalary.
"
Expected Salary: ".$expsalary.
"
Current Employer:".$curremploy.
"
Job Title: ".$jobtitle.
"
Preffered Location: ".$preflocation;
$headers = "From:" ."xxxxx - " . $from;
mail($to,$subject,$message,$headers);
if (!mysqli_query($con, $sql))
{
echo " Sorry for the inconvenience, please insert again. Error: ".mysqli_error($con);
} else {
echo "Thank you for showing your interest in us. A member of our team will contact you shortly. ";
}
?>
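You've tagged this PHPMailer, but are you actually using it? I don't think this is the correct usage. https://github.com/Synchro/PHPMailer – dcclassics
You're also opening yourself up to injection attacks by accessing the $_POST variables and inserting them directly into the database without filtering/sanitizing them first. See: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – VikingBlooded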
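One way to do what the question asks and the comments point toward, as an added example that is not part of the original post or comments: validate and store the upload, insert with a bound-parameter statement, and attach the stored file with PHPMailer. Assumptions: PHPMailer is installed via Composer, resumes are PDF only and capped at 2 MB, a `careers/` directory exists, the addresses are placeholders, and only four of the form's columns are shown.

```php
<?php
// Added example: values marked "assumed" or "placeholder" are not from the original post.
use PHPMailer\PHPMailer\PHPMailer;

require 'vendor/autoload.php';        // assumed: PHPMailer installed via Composer
include_once "dbconnection.php";      // provides $con, as in the question

const ALLOWED = ['pdf' => 'application/pdf'];   // assumed allowlist: extension => MIME type

$up = $_FILES['file'] ?? null;
if (!$up || $up['error'] !== UPLOAD_ERR_OK || $up['size'] > 2 * 1024 * 1024) {
    exit('Upload failed or file too large.');
}
// Trust neither the client's file name nor its declared type: inspect the content.
$ext  = strtolower(pathinfo($up['name'], PATHINFO_EXTENSION));
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($up['tmp_name']);
if (!isset(ALLOWED[$ext]) || ALLOWED[$ext] !== $mime) {
    exit('Only PDF resumes are accepted.');
}
$stored = 'careers/' . bin2hex(random_bytes(16)) . '.' . $ext;  // server-chosen name
if (!move_uploaded_file($up['tmp_name'], $stored)) {
    exit('Could not store the file.');
}

$fname = trim($_POST['fname'] ?? '');
$lname = trim($_POST['lname'] ?? '');
$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email === false) {
    exit('Invalid e-mail address.');
}

// Bound parameters keep form values out of the SQL text.
$stmt = mysqli_prepare($con, "INSERT INTO careers (fname, lname, email, image) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssss', $fname, $lname, $email, $stored);
mysqli_stmt_execute($stmt);

$mail = new PHPMailer(true);                       // true: throw an exception on failure
$mail->setFrom('website@example.com', 'Website');  // placeholder sender
$mail->addAddress('hr@example.com');               // placeholder recipient
$mail->addReplyTo($email, "$fname $lname");
$mail->Subject = "Contact mail through website from $fname $lname";
$mail->Body    = "Name: $fname $lname\nEmail: $email";
// Attach the stored file under a neutral name rather than the client-supplied one.
$mail->addAttachment($stored, 'resume.' . $ext);
$mail->send();
echo "Thank you for showing your interest in us.";
```

Keeping the upload directory outside the web root, or configured so nothing in it is executed, limits the damage if a file slips past the type check.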