在 PHP Mail 中发送名称数组
我正在使用 PHP 的 Mail 函数向个人发送电子邮件。我想要一种简单的方法来自定义电子邮件中的问候语名称,因此我创建了一个表单,其中有一个逗号分隔的电子邮件列表和一个逗号分隔的名称列表,它们通过 PHP 发布和邮寄。
但是,每次我发送它时,名称都会吐出整个名称数组,而不是我指定的 ONE 值。我已经为此工作了一个小时,但我一生都看不出问题出在哪里......它是如此简单的代码!这是代码,如果您发现任何明显的错误,请告诉我。
$to_emails = $_POST['to_emails'];
$to_names = $_POST['to_names'];
$from_email = $_POST['from_email'];
$message = $_POST['message'];
$subject = $_POST['subject'];
$explode_emails = str_replace(" ", "", explode(",",$to_emails));
$explode_names = explode(",",$to_names);
$email_array = array();
$i=0;
foreach($explode_names as $e) {
$name = $e;
$to = $explode_emails[$i];
$subject = $subject;
$message = $name.",\r\n".$message;
$headers = 'From: '.$from_email . "\r\n" .
'Reply-To: '.$from_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
echo "<font color='#FF0000'>".$i." Emailed: ".$name." : ".$to."</font><br />";
$i++;
}
<form method="post">
To Emails (comma separated)
<input type="text" name="to_emails" value="">
<br /><br />
To Names (comma separated)
<input type="text" name="to_names" value="">
<br /><br />
From
<input type="text" name="from_email" value="[email protected]">
<br /><br />
Subject
<input type="text" name="subject" value="">
<br /><br />
Message
<textarea name="message" rows="5" id="message"></textarea>
<br /><br />
<input type="submit" />
</form>
I'm using PHP's Mail function to send emails to individuals. I wanted an easy way to customize the greeting name in the email, so i created a form where there is a comma separated list of emails and a comma separated list of names, and they get posted and mailed via PHP.
However, every time I send it, the name spits out the entire array of names, and not the ONE value I specify. I've been working on this for an hour now and cannot for the life of me see where the problem is.. its such simple code! Here is the code let me know if you see any glaring errors.
$to_emails = $_POST['to_emails'];
$to_names = $_POST['to_names'];
$from_email = $_POST['from_email'];
$message = $_POST['message'];
$subject = $_POST['subject'];
$explode_emails = str_replace(" ", "", explode(",",$to_emails));
$explode_names = explode(",",$to_names);
$email_array = array();
$i=0;
foreach($explode_names as $e) {
$name = $e;
$to = $explode_emails[$i];
$subject = $subject;
$message = $name.",\r\n".$message;
$headers = 'From: '.$from_email . "\r\n" .
'Reply-To: '.$from_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
echo "<font color='#FF0000'>".$i." Emailed: ".$name." : ".$to."</font><br />";
$i++;
}
<form method="post">
To Emails (comma separated)
<input type="text" name="to_emails" value="">
<br /><br />
To Names (comma separated)
<input type="text" name="to_names" value="">
<br /><br />
From
<input type="text" name="from_email" value="[email protected]">
<br /><br />
Subject
<input type="text" name="subject" value="">
<br /><br />
Message
<textarea name="message" rows="5" id="message"></textarea>
<br /><br />
<input type="submit" />
</form>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这就是我的想法。我不确定这是否完全满足您的要求,但它会向所有指定的人发送电子邮件:
这是我所做的更改的快速概述:
str_replace()不是真的需要。trim()是一个更有效的函数来修剪前导或尾随空格。我将电子邮件地址及其相应的名称合并到一个名为
$recipients的关联数组中。这比通过数字键引用它们更容易跟踪,并且实际上将数据相互关联。这也使得循环更容易阅读。我简化了标头的创建方式。在字符串开头添加回车符
\r\n会更容易,这样更容易阅读,并且不太可能忘记,或者在末尾留下额外的回车符。虽然上面的代码可以工作,但我也会借此机会警告您当前代码中存在的漏洞:电子邮件标头注入。
如果攻击者向您的表单提交包含“\r\n”字符的内容,他们就可以注入自己的标头。这意味着,他们最终可能会将这封电子邮件发送给比您希望的更多的人,或者他们可能会注入自己的自定义正文消息。
这个例子应该是一个很好的例子您将了解如何防止此类攻击,因为它的代码示例与您的非常相似。
您永远不应该信任通过 $_POST 发送的输入。您应该验证提交的数据是否采用您期望的正确格式,并且不包含任何恶意字符。
Here's what I came up with. I'm not sure if this exactly answers what you want, but it would send email to all the people specified:
Here's a quick rundown of the changes I made:
str_replace()wasn't really needed.trim()is a more efficient function to trim leading or trailing whitespace.I merged the email addresses and their corresponding names into an associative array called
$recipients. This is easier to keep track of than referencing them by a numeric key, and actually associates the data to each other. This also makes looping over them easier to read.I simplified how headers are created. It's easier to add the carriage return
\r\nat the start of the string, making it easier to read, and less likely to forget one, or leave an extra return on the end.While the above code will work, I'll also take this opportunity to also warn you of a vulnerability present in your current code: Email Header Injection.
If an attacker submits content to your form containing the "\r\n" character, they can inject their own headers. Meaning, they could end up sending this email to more people than you want it to go to, or they may inject their own custom body message.
This example should be a good example for you on how to prevent this kind of attack, as its code example highly resembles yours.
You should NEVER trust input sent via $_POST. You should validate the submitted data is in the correct format you expect and does not contain any malicious characters.