phpmailer 抛出 mysql 错误

Question

我正在尝试使用 phpmailer 发送时事通讯，但每次尝试触发它时都会收到以下错误。我不确定我的sql语法是否正确？

Warning: mysql_fetch_array() : supplied argument is not a valid MySQL result resource in view.html.php(38):eval()'d code on line 32

<?php
$formid = $_GET[token];
$templatequery = mysql_query("
    SELECT * 
    FROM hqfjt_chronoforms_data_addmailinglistmessage 
    WHERE cf_id = '$formid'"
) or die(mysql_error());

$templateData = mysql_fetch_object($templatequery);

$gasoiluserTemplate = $templateData->gasoilusers;
$dervuserTemplate = $templateData->dervusers;
$kerouserTemplate = $templateData->kerousers;
$templateMessage = $templateData->mailinglistgroupmessage;
?>  

<?php
require_once('./send/class.phpmailer.php');
//include("class.smtp.php"); // optional, gets called from within class.phpmailer.php if not already loaded
$mail = new PHPMailer(true); //defaults to using php "mail()"; the true param means it will throw exceptions on errors, which we need to catch

// $body = file_get_contents('contents.html');
$body = 'Dear Test this is a test.';
// $body = preg_replace('/\\\\/i', $body);

$mail->SetFrom('crea@cruiseit.co.uk', 'List manager');
$mail->AddReplyTo('crea@cruiseit.co.uk', 'List manager');

$mail->Subject = "Mailing List Test";

$query = "
    SELECT leadname,businessname,email 
FROM hqfjt_chronoforms_data_addupdatelead 
WHERE keromailinglist='$kerolist' 
    AND dervmailinglist='$dervlist' 
    AND gasoilmailinglist='$gasoillist'";
$result = @MYSQL_QUERY($query);

while ($row = mysql_fetch_array ($result)) {
    $mail->AltBody    = "To view the message, please use an HTML compatible email viewer!"; // optional, comment out and test
    $mail->MsgHTML($body);
    $mail->AddAddress($row["email"], $row["full_name"]);
    $mail->AddStringAttachment($row["photo"], "YourPhoto.jpg");

    if(!$mail->Send()) {
        echo "Mailer Error (" . str_replace("@", "&#64;", $row["email"]) . ') ' . $mail->ErrorInfo . '<br>';
    } else {
        echo "Message sent to :" . $row["full_name"] . ' (' . str_replace("@", "&#64;", $row["email"]) . ')<br>';
    }
    // Clear all addresses and attachments for next loop
    $mail->ClearAddresses();
    $mail->ClearAttachments();
}
?>

编辑>>>>>>

我现在添加了错误检查，但现在只是得到一个没有错误的空白页面，而且没有邮件？

            <?php

                   $formid = $_GET[token];
            $templatequery = mysql_query("SELECT * FROM hqfjt_chronoforms_data_addmailinglistmessage WHERE cf_id = '$formid'") or die(mysql_error());
            $templateData = mysql_fetch_object($templatequery);

            $gasoiluserTemplate = $templateData->gasoilusers;
            $dervuserTemplate = $templateData->dervusers;
            $kerouserTemplate = $templateData->kerousers;
            $templateMessage = $templateData->mailinglistgroupmessage;
                ?>  
                    <?php
            require_once('./send/class.phpmailer.php');
            //include("class.smtp.php"); // optional, gets called from within class.phpmailer.php if not already loaded

            $mail = new PHPMailer(true); //defaults to using php "mail()"; the true param means it will throw exceptions on errors, which we need to catch

            // $body                = file_get_contents('contents.html');

            $body = 'Dear Test this is a test.';

            // $body = preg_replace('/\\\\/i', $body);

            $mail->SetFrom('crea@cruiseit.co.uk', 'List manager');
            $mail->AddReplyTo('crea@cruiseit.co.uk', 'List manager');

            $mail->Subject       = "Mailing List Test";

            $query  = "SELECT leadname,businessname,email FROM hqfjt_chronoforms_data_addupdatelead WHERE keromailinglist='$kerolist' AND dervmailinglist='$dervlist' AND gasoilmailinglist='$gasoillist'";
            $result = mysql_query($query);

            // Bail out on error 
if (!$result)  
  { 
    trigger_error("Database error: ".mysql_error()." Query used was:     ".htmlentities($query), E_USER_ERROR); 
    die();
    }


            while ($row = mysql_fetch_array ($result)) {
              $mail->AltBody    = "To view the message, please use an HTML compatible email viewer!"; // optional, comment out and test
              $mail->MsgHTML($body);
              $mail->AddAddress($row["email"], $row["full_name"]);
              $mail->AddStringAttachment($row["photo"], "YourPhoto.jpg");

              if(!$mail->Send()) {
                echo "Mailer Error (" . str_replace("@", "&#64;", $row["email"]) . ') ' . $mail->ErrorInfo . '<br>';
              } else {
                echo "Message sent to :" . $row["full_name"] . ' (' . str_replace("@", "&#64;", $row["email"]) . ')<br>';
              }
              // Clear all addresses and attachments for next loop
              $mail->ClearAddresses();
              $mail->ClearAttachments();
            }
            ?>

Answer 1

您的代码没有进行任何错误检查，因此查询失败时会静默中断也就不足为奇了。检查错误，它会告诉你出了什么问题——manual on mysql_query() 或reference question. 中概述了如何做。并去掉mysql_query()前面的@！示例：

$result = mysql_query($query);

// Bail out on error 
if (!$result)  
  { 
    trigger_error("Database error: ".
                  mysql_error().
                  " Query used was: ".
                  htmlentities($query), E_USER_ERROR); 
    die();
   }

这将向您显示究竟出了什么问题，以及正在使用的最终查询是什么样的。

作为旁注（也可能是您的根本原因的解决方案），您显示的代码容易受到SQL injection 的攻击。这可能是破坏您的查询的原因。

您需要对所有传入值执行mysql_real_escape_string()，如下所示：

$formid = mysql_real_escape_string($_GET["token"]);

Answer 2

函数调用之前的@ 抑制了应该告诉你发生了什么的错误。