只有输入实际地址而不是使用$ usr_email时,我的电子邮件才会发送,尽管它表示“发送了消息”。电子邮件地址来自users表中的user_email字段。 这是用 定义的$ id = intval($ _ SESSION ['user_id']);电子邮件不会根据变量名发送
if (isset($_POST['doSend'])) {
function getTwo($query){
$res = mysql_query($query);
if (!$res) {
trigger_error("db: ".mysql_error()." in ".$query);
return FALSE;
}
if ($row = mysql_fetch_row($res)) {
return $row[0];
}
}
$getuserinfo_q = "SELECT user_email AND user_name FROM users WHERE
id='$_SESSION[user_id]'";
$getuserinfo_e=mysql_query($getuserinfo_q);
if(mysql_num_rows($getuserinfo_e) < 1){
echo "User details not found - User_id is not in DB";
exit();
}
$user_info_val=mysql_fetch_assoc($getuserinfo_e);
if(empty($user_info_val['user_email'])){
echo "there is no such column name as 'user_email'"; //tell the user about column
exit(); //shut off the script
}
$usr_email=$user_info_val['user_email'];
$user_name=$user_info_val['user_name'];
$sqltest = "SELECT completed_status From users where id =
'$_SESSION[user_id]'";
$isSending = getTwo($sqltest);
$isSending === false;
if($isSending >= 6){
require_once "Mail.php";
require_once "Mail.php";
$from = "<xxx>";
$to = "$usr_email";
$subject = "hi";
$body ="Chi ";
$host = "ssl://smtp.gmail.com";
$port = "465";
$username = "xxx";
$password = "xxxx";
$headers = array ('From' => $from,
'To' => $to,
'Subject' => $subject);
$smtp = Mail::factory('smtp',
array ('host' => $host,
'port' => $port,
'auth' => true,
'username' => $username,
'password' => $password));
$mail = $smtp->send($to, $headers, $body);
if (PEAR::isError($mail)) {
echo("<p>" . $mail->getMessage() . "</p>");
} else {
echo("<p>Message successfully sent!</p>");
}
}
else
header ("Location: error.php");
}
你知道这是你可以用mysql做的最温暖的事情吗?从user_email ='$ usr_email'或user_name ='$ user_name'的用户中选择count(*)作为总数。小提示:sql注入 – eav 2012-04-19 09:38:37
你试过回显'$ data ['usr_email'];'? – 2012-04-19 09:38:45
而且你也容易受到SQL注入的影响。 – 2012-04-19 09:39:38