我想向用户发送一封电子邮件，确认他并更新他的状态以在我的 MySQL 数据库中完成 - I want to send the user an email acknowledging him and updating his status to complete in my MySQL DB

I want to send the user an email acknowledging him and updating his status to complete in my MySQL DB

这是我的PHP脚本，用于通知我刚刚更改了状态的用户，他可以从我的网站打印他的卡，这似乎不是向我的客户发送邮件，它只是更新表格。据称，MySQL 连接字符串已被隐藏。

<?php
  session_start();
  $con=mysqli_connect(*);
  // Check connection
  if (mysqli_connect_errno()){
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

  if(isset($_POST['Request']))
  {
    $result=mysqli_query($con,"SELECT req_date,Name,Mobile,Email FROM pend WHERE Mobile LIKE '" . mysql_escape_string($_POST['Mobile']) . "'; ");
    $row =mysqli_fetch_array($result,MYSQLI_BOTH);
    $Mmobile = $row['Mobile'];
    $email=$row['Email'];
    $name=$row['Name'];
    $req=$row['req_date'];
    if($Mobile == $Mmobile) {
      $message = '<html><body>';
      $message .= '<img src="http://www.mbdr.ml/admin/logo.jpg" alt="Blood Recieved" />';
      $message .= '<table rules="all" style="border-color: #666;" cellpadding="10">';
      $message .= "<tr style='background: #eee;'><td><strong>Name:</strong> </td><td>" . strip_tags($_POST['Name']) . "</td></tr>";
      $message .= "<tr><td><strong>Mobile:</strong> </td><td>" . strip_tags($_POST['Mobile']) . "</td></tr>";
      $message .= "<tr><td><strong>Blood Group:</strong> </td><td>" . strip_tags($_POST['Bld_grp']) . "</td></tr>";
      $message .= "<tr><td><strong>Date Requested:</strong> </td><td>" . $_POST['req_Date'] . "</td></tr>";
      $message .= "</table>";
      $message .= "<a href='http://www.mbdr.ml/lel/lol.php'> Get Your Card After Logging in From Here </a>";
      $message .= "</body></html>";
      //   CHANGE THE BELOW VARIABLES TO YOUR NEEDS
      $to = strip_tags($_POST['Email']);
      $subject = 'Blood Donor Card';
      $headers = "From: " . $cleanedFrom . "'r'n";
      $headers .= "Reply-To: ". strip_tags($_POST['Email']) . "'r'n";
      $headers .= "MIME-Version: 1.0'r'n";
      $headers .= "Content-Type: text/html; charset=ISO-8859-1'r'n";
      if (mail($to, $subject, $message, $headers)) {
        echo 'Your message has been sent.';
      } 
      else {
        echo 'There was a problem sending the email.';
      }
    } 
    else {
      echo "You didn't enter the correct details!";
    }
    $query=mysqli_query($con,"UPDATE pend SET status='complete' WHERE Mobile LIKE '" . mysql_escape_string($_POST['Mobile']) . "'; ");
    if (!$query) {
      printf("Error: %s'n", mysqli_error($con));
      exit();
    }
    $row =mysqli_fetch_array($query,MYSQLI_BOTH);
    $Mmobile = $row['Mobile'];
    if($Mobile == $Mmobile) {
      header("Location:http://www.mbdr.ml/admin/adminpage.php");
    } else {
      echo "You didn't enter the correct details!";
    }
    mysqli_close($con);
  }
>

重写

该行

$result=mysqli_query($con,"SELECT req_date,Name,Mobile,Email FROM pend WHERE Mobile LIKE '" . mysql_escape_string($_POST['Mobile']) . "'; ");

如

$result=mysqli_query($con,"SELECT req_date,Name,Mobile,Email FROM pend WHERE Mobile LIKE '" . mysqli_real_escape_string($con,$_POST['Mobile']) . "'; ");

并将每个mysql_escape_string更改为mysqli_real_escape_string

注意：mysqli_real_escape_string需要 2 个参数