这是PHP中的错误还是奇怪的行为?

时间:2011-08-09 22:09:26

标签: php

我有2个脚本/页面,都使用会话数据。

第1页是包含一些数据的表,其中一个数据是电子邮件地址。只有$_SESSION['email'] == 'myEmail@email.com'才能访问此页面。表格的每一行都有一个按钮,用于向脚本/页面2发送AJAX调用,该脚本通过电子邮件发送相应的电子邮件地址。

在第2页中,还有$_SESSION['email'] == 'myEmail@email.com'的另一项检查。

然后设置$email = $_POST['email']并调用mail()函数。执行此脚本后,它会自动将$_SESSION['email']更改为$email

我已将变量名称从$email更改为$sendToEmail,这样可以解决问题。

我的问题是为什么这样做?这是一个错误还是一个功能?

修改

这是完整的mail.php代码。

<?php
session_start();
define("_VALID_PHP", true);
require_once('init.php');

if ($_SESSION['email'] == 'email@gmail.com') {
    if (isset($_POST['iid'])) {
        $iid = $_POST['iid'];
        if (isset($_POST['email'])) {
            $sendToEmail = $_POST['email'];
            $query = $db->query("SELECT id FROM esns WHERE iid='$iid' AND status=0");
            if (mysql_num_rows($query) > 0) {
                $data['success'] = false;
                $data['msg'] = "Email cannot be sent until all ENS's are checked for this invoice.";
            }
            else {
                $query = $db->query("SELECT uid, md5 FROM invoice WHERE id='$iid'");
                $row = $db->fetch($query);
                $uid = $row['uid'];
                $md5 = $row['md5'];
                $query = $db->query("SELECT email FROM users WHERE id='$uid'");
                $row = $db->fetch($query);
                if ($row['email'] == $email) {
                    $clean = array();
                    $bad = array();
                    $invalid = array();
                    $query = $db->query("SELECT esn, status, carrier FROM esns WHERE iid='$iid'");

                    $headers = "From: email@site.com";
                    $subject = "New Message from site.com";

                    $body = "Hello";

                    $mail = mail($sendToEmail,$subject,$body,$headers);

                    if (!$mail) {
                        $data['success'] = false;
                        $data['msg'] = "There was an error sending the email."; 
                    }
                    else {
                        $query = mysql_query("UPDATE invoice SET paid=2 WHERE id='$iid'");
                        $data['success'] = true;
                    }
                }
                else {
                    $data['success'] = false;
                    $data['msg'] = "There was an mismatch with the emails. The posted email does not belong to this invoice.";  
                }
            }
        }
        else {
            $data['success'] = false;
            $data['msg'] = "Post data not sent/recieved correctly: `email` is no set.";
        }
    }
    else {
        $data['success'] = false;
        $data['msg'] = "Post data not sent/recieved correctly: `iid` is no set.";
    }
}
else {
    $data['success'] = false;
    $data['msg'] = "Your are not logged in as an administrator.";
}
echo json_encode($data);
?>

1 个答案:

答案 0 :(得分:4)

你可能有register_globals吗?这可能是您问题的核心,因为当它处于启用状态时,它会在设置$_SESSION时自动设置$email

相关问题
最新问题