PHP电子邮件脚本的一些问题

Question

我遇到了一些脚本问题，基本上我想要的脚本是获取表单数据并发布到数据库（它做的很好）然后我希望它发送一个感谢你的电子邮件，这是不工作的一点，它只是没有通过。另外从我所知道的情况来看，脚本即使不能执行脚本也会发送电子邮件，我该如何解决这个问题。

我对PHP相当陌生，只是发现它能做什么，所以我非常感谢你的帮助。

<?php 

error_reporting(E_ALL & ~E_NOTICE); 
ini_set('display_errors', TRUE); 
ini_set('display_startup_errors', TRUE); 

$name = $_POST['name']; 
$email = $_POST['email']; 


require_once('Connections/connection.php'); 
mysql_select_db($database_connection); 

$query = "INSERT INTO mailing_list (name, email) 
     VALUES ('$name', '$email');"; 
mysql_query($query); 

mysql_close(); 

if(IsInjected($visitor_email)) 
{ 
    echo "Bad email value!"; 
    exit; 
} 

$email_from = 'mailinglist@myemail.com'; 
    $email_subject = "Welcome to our mailinglist"; 
    $email_body = " 
$name, 

Welcome to our mailing list, we will now keep you updated on whats going on here. 

To unsubscribe go to.". 


    $to = "$email"; 
    $headers = "From: $email_from \r\n"; 
    $headers .= "Reply-To: $email \r\n"; 
    mail($to,$email_subject,$email_body,$headers); 
//done. redirect to thank-you page. 
header('Location: thank-you.php'); 


// Function to validate against any email injection attempts 
function IsInjected($str) 
{ 
    $injections = array('(\n+)', 
       '(\r+)', 
       '(\t+)', 
       '(%0A+)', 
       '(%0D+)', 
       '(%08+)', 
       '(%09+)' 
      ); 
    $inject = join('|', $injections); 
    $inject = "/$inject/i"; 
    if(preg_match($inject,$str)) 
    { 
    return true; 
    } 
    else 
    { 
    return false; 
    } 
} 


?> 

Answer 1

下面是使用PDO重写的代码。我还删除了回复值，因为我不知道您可以使用用户电子邮件作为回复，电子邮件客户端可能会阻止它。

<?php 

error_reporting(E_ALL & ~E_NOTICE); 
ini_set('display_errors', TRUE); 
ini_set('display_startup_errors', TRUE); 

$name = $_POST['name']; 
$email = $_POST['email']; 

//I recommend rewriting this to NOT use mysql_* functions and instead use PDO 
//The documentation is located at http://www.php.net/manual/en/book.pdo.php 
/* 
require_once('Connections/connection.php'); 
mysql_select_db($database_connection); 
*/ 
$host = 'host_name'; 
$dbname = 'database_name'; 
$user = 'user_name'; 
$pass = 'user_pass'; 
try 
{ 
    $DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); 
} 
catch(PDOException $e) 
{ 
    echo $e->getMessage(); 
} 

$query = "INSERT INTO mailing_list (name, email) VALUES ('?', '?');"; 

$sth = $DB->prepare($query); 

//This way only a success will send an email 
if($sth->execute(array($name, $email))) 
{ 
    if(IsInjected($email)) 
    { 
     echo "Bad email value!"; 
     exit; 
    } 

    $email_from = 'mailinglist@myemail.com'; 
    $email_subject = "Welcome to our mailinglist"; 
    $email_body = " 
    $name, 

    Welcome to our mailing list, we will now keep you updated on whats going on here. 

    To unsubscribe go to.". 


    $to = $email; 
    $headers = "From: $email_from \r\n"; 
    //I don't know that you can use the to email as the reply-to, 
    //most emails will probably block that. 
    mail($to,$email_subject,$email_body,$headers); 
    //done. redirect to thank-you page. 
    header('Location: thank-you.php'); 
}else{ 
    echo "Failed to insert into database."; 
    exit; 
} 



// Function to validate against any email injection attempts 
// Stole this from w3schools, because it is well done. link is at the bottom 
    function spamcheck($field) 
    { 
     //filter_var() sanitizes the e-mail 
     //address using FILTER_SANITIZE_EMAIL 
     $field=filter_var($field, FILTER_SANITIZE_EMAIL); 

     //filter_var() validates the e-mail 
     //address using FILTER_VALIDATE_EMAIL 
     if(filter_var($field, FILTER_VALIDATE_EMAIL)) 
     { 
      return TRUE; 
     } 
     else 
     { 
      return FALSE; 
     } 
    } 

?> 

得到了W3Schools的电子邮件清洗功能：

http://www.w3schools.com/php/php_secure_mail.asp