堆栈内存溢出
  简体   繁体   English

我的代码有问题吗? PHP 邮件()

[英]Is there something wrong with my code here? PHP mail()

 原文  2011-07-11 06:43:15       php/ email

问题描述

Seriously.严重地。 My hosting company says that there's something wrong with my Php code.我的托管公司说我的 Php 代码有问题。 I'm not getting any errors from them, and they say it's not my CSS.我没有从他们那里得到任何错误,他们说这不是我的 CSS。 Please help.请帮忙。

    <?php

/* Subject and Email Variables */

    $emailSubject = 'Bookem danno!';
    $webMaster = 'info@mywebsite.com';

/* Gathering Data Variables */

    $nameField = $_POST['name'];
    $cellField = $_POST['cell'];
    $emailField = $_POST['email'];
    $dateField = $_POST['date'];
    $timeField = $_POST['time'];
    $lengthField = $_POST['length'];
    $inoutField = $_POST['inout'];
    $seenbeforeField = $_POST['seenbefore'];
    $detailsField = $_POST['details'];
    $p411Field = $_POST['p411'];
    $datecheckField = $_POST['datecheck'];
    $tobField = $_POST['tob'];
    $terField = $_POST['ter'];
    $otherField = $_POST['other'];
    $screennameField = $_POST['screenname'];
    $companyField = $_POST['company'];
    $worknoField = $_POST['workno'];
    $switchboardnoField = $_POST['switchboardno'];
    $memoField = $_POST['memo'];
    $subscribeField = $_POST['subscribe'];

    $body = <<<EOD
<br><hr><br>
Name: $name <br>
Cellphone: $cell <br>
Email: $email <br>
Date: $date <br>
Time: $time <br>
Length of appointment: $length <br>
Incall Outcall: $inout <br>
Have I seen you before: $seenbefore <br>
Details: $details <br>
P411: $p411 <br>
Datecheck: $datecheck <br>
TOB: $tob <br>
TER: $ter <br>
Other: $other <br>
Screen Name: $screenname <br>
Company: $company <br>
Direct Line: $workno <br>
Switchboard: $switchboardno <br>
Memo: $memo <br>
Subscribe Me: $subscribe <br>
EOD;

    $headers = "From: $email\r\n";
    $headers .= "Content-type: text/html\r\n";
    $success = mail($webMaster, $emailSubject, $body, $headers);

echo "$result";


?>

3 个解决方案

解决方案1
 1  2011-07-11 06:54:57

You are happily using several variables you never define (and discarding some variables you actually set).您很高兴地使用了几个您从未定义过的变量(并丢弃了您实际设置的一些变量)。 That means that you are writing PHP code while having error reporting set to hide notices (or even set to hide all error messages).这意味着您正在编写 PHP 代码,同时将错误报告设置为隐藏通知(甚至设置为隐藏所有错误消息)。 Whatever your problem is (you don't actually say) you are instructing PHP not to notify you.无论您的问题是什么(您实际上并没有说),您都在指示 PHP 不要通知您。 Read this: http://es2.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting阅读: http://es2.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting

解决方案2
 1 已采纳  2011-07-11 07:09:11

Ahem.咳咳。 You're not using any of the variables you instantiated.您没有使用您实例化的任何变量。 For example, initially you say this:例如,最初你这样说:

$emailField = $_POST['email'];

And then you say this:然后你这样说:

$headers = "From: $email\r\n";

There is no variable called $email .没有名为$email的变量。 There is one called $emailField , but you're not using that.有一个叫做$emailField ,但你没有使用它。 In fact, ALL of the variables from your $_POST are getting renamed with "Field" at the end, and then you're trying to refer to them later without the Field part.实际上,您的$_POST中的所有变量都在最后用“Field”重命名,然后您稍后尝试在没有 Field 部分的情况下引用它们。 Won't work.不会工作。

Also, You've got a security vulnerability in that code.此外,您在该代码中存在安全漏洞。 Look:看:

$headers = "From: $email\r\n";

You're assuming that $email is a nice safe value.您假设 $email 是一个不错的安全值。 Suppose somebody fills in your form and tells it their email address is 0wned@example.com\r\nBcc: emai1@example.net, email2@example.org, etc... , thereby causing your email server to send out hundreds or thousands of emails.假设有人填写您的表格并告诉它他们的 email 地址是0wned@example.com\r\nBcc: emai1@example.net, email2@example.org, etc... ,从而导致您的 email 服务器发送数百或数千封电子邮件。

A spammer might do it for the sake of sending spam -- without having to maintain their own email server.垃圾邮件发送者可能会为了发送垃圾邮件而这样做——无需维护自己的 email 服务器。

A bored and malicious person might do it just for the kick of seeing your domain blacklisted as a spammer.一个无聊和恶意的人可能只是为了看到您的域被列入垃圾邮件发送者的黑名单。

An unethical corporate rival might do it to throw a monkey wrench into your ordering procedures in the hopes of driving your out of business.一个不道德的公司竞争对手可能会这样做,以便在您的订购程序中使用活动扳手,以期将您赶出公司。 I am cursed with a good imagination...我被一个很好的想象力诅咒...

Do yourself a favor and try this:帮自己一个忙,试试这个:

$email = str_replace( "\r\n", '', $_POST['email'] );

That will strip out any potential CR/LF pairs, so that nobody can inject their own headers into your email.这将去除任何潜在的 CR/LF 对,因此没有人可以将自己的标头注入您的 email。

解决方案3
 0  2011-07-11 06:48:19

$headers.= "Content-type: text/html; charset=iso-8859-1\r\n"; $headers.= "内容类型: text/html; charset=iso-8859-1\r\n"; replace this with your existing header.. i am not sure but it may help you...用您现有的 header 替换它。我不确定,但它可能对您有帮助...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 这是PHP date()错误,还是我的代码有问题? - Is this a PHP date() bug, or is there something wrong with my code? 我的php搜索代码出了点问题 - Something wrong with my php search code 这个php代码有问题吗? - is there something wrong with this php code? 我的php代码在语法上有问题吗? 提交后,该页面为空白 - Is there something syntactically wrong with my php code? On submission the page goes blank 来自json中的android的php无法发布到表格,我的代码有问题吗? - Php from android in json not posting to table, is there something wrong in my code? 我的网络托管公司说PHP代码有问题 - My web hosting company says there is something wrong with PHP code 这个php GD代码有问题吗? - Is something wrong with this php GD code? 我写了一些jquery,html和php代码用于电子邮件表单联系但是有些错误 - I wrote some jquery, html and php code for e-mail form contact but something is wrong 我的SQL / PHP语法在这里有什么问题? - What is wrong with my SQL/PHP syntax here? 使用php的本机邮件功能有什么问题吗? - is there something wrong with using php's native mail function?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM