I am confused by the use of single and double quotation marks, echo, and $message .=
I cannot figure out how to code a foreach loop inside my $message to output the cart items. The thead part works, but the tbody area is flawed. Any help is appreciated.
<?php
session_start();
// Initialize variables
$name = $telephone = $email = $jim_gmail = '';
// Post data from #quote-form.html.php
if( $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'] ) ) {
// Sanitize and post data to variables
$company = sanitize( $_POST['company'] );
$name = sanitize( $_POST['name'] );
$telephone = sanitize( $_POST['telephone'] );
$email = sanitize( $_POST['email'] );
// Assign $name value to SESSION variable for use #thankyou.html.php
$_SESSION['name'] = $name;
// Initialize and declare variables for script validation
$errMsg = '';
$telephone_pattern = '/^((([0-9]{1})*[- .(]*([0-9]{3})[- .)]*[0-9]{3}[- .]*[0-9]{4})+)*$/';
$alpha_only_pattern = '/^[a-zA-Z]*$/';
$email_pattern = '/^([a-zA-Z0-9._%-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4})*$/';
$integers_pattern = '/^[0-9]*$/';
// Validate user data before submitting to server
if(empty($name) || empty($telephone) || empty($email))
{
$errMsg = "*Name, telephone and email address required.<br>";
include 'error.html.php';
}
elseif (preg_match($email_pattern,$email) === 0 )
{
$errMsg = "*Please enter a valid email address.<br>";
include 'error.html.php';
}
else
{
/* Prepare message for e-mail */
/* set e-mail recipient */
$jim_gmail = 'jim#gmail.com';
// Three required arguments ($to, $subject, $message)
$to = "$jim_gmail";
$subject = "Buyer for CraneHeli";
$from = "$email";
$message = // contents of report in $message
"
<html>
<head></head>
<body>
<h3>Parts Buyer</h3>
<p>Company: $company</p>
<p>Name: $name</p>
<p>Telephone: $telephone</p>
<p>Email: $email</p>
<h3>Please quote the following:</h3>
<table name='contact_seller' style='border-collapse:collapse';>
<thead>
<tr>
<th>ID</th>
<th>Part Number</th>
<th>Description</th>
<th>Quantity</th>
</tr>
</thead>
<tbody>
<?php foreach($cart as $item): ?>
<tr>
<td>$item['id']</td>
<td>$item['part_number']</td>
<td>$item['description']</td>
<td>$item['quantity']</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<p>End of buyer data report</p>
<hr />
</body>
</html>
"; //end of $message
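// To send HTML mail, the Content-type header must be set.
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type:text/html; charset=iso-8859-1' . "\r\n";
// $from is the address the visitor typed. $email_pattern has already limited
// it to a fixed character set, but a header value must stay on one line, so
// CR and LF are removed again at the point of use. The check then still holds
// if the validation above is ever relaxed.
$headers .= 'From: ' . str_replace(array("\r", "\n"), '', $from) . "\r\n";
// One Bcc line is enough; the original appended the identical header twice.
$headers .= 'Bcc: ' . $jim_gmail . "\r\n";
// Send message using mail() function
mail($to, $subject, $message, $headers);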
// Check to see if headers not sent. If true, redirect to thank_you.php page
if(!headers_sent()){
header('Location: thankyou.html.php');
exit();
}else{
echo "<span class='errMsg'>Message sent successfully!</span><br><br>" .
"Cannot redirect, please click this <a " .
"href=\".\">link</a> instead\n";
}
exit();
}
/******* Functions used *******/
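/**
 * Prepare one submitted form value for display as text inside HTML.
 *
 * Trims surrounding whitespace, removes backslash escapes, then HTML-encodes
 * the result. The output is only safe in an HTML text or attribute context;
 * it is not a substitute for parameterised SQL or for header validation.
 *
 * @param mixed $data Raw value, normally a string taken from $_POST.
 * @return string Encoded text, or '' when $data is not a scalar.
 */
function sanitize($data) {
    // A field posted as name[]=... arrives as an array, which trim() cannot take.
    if (!is_scalar($data)) {
        return '';
    }
    $data = trim((string) $data);
    $data = stripslashes($data);
    // ENT_QUOTES encodes single quotes as well as double quotes on every PHP
    // version; ENT_SUBSTITUTE keeps the rest of a value that contains an
    // invalid byte sequence instead of returning an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE);
}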
You're nearly there:
// Build the report in three steps: the static head, one <tr> per cart item,
// then the closing markup. PHP tags inside a quoted string are never executed,
// so the loop has to run outside the literal and append to $message.
// NOTE(review): $company, $name, $telephone and $email are interpolated as
// they are; in the question's script they were passed through sanitize()
// (htmlspecialchars) first - confirm that still holds wherever this is used.
$message = // contents of report in $message
"
<html>
<head></head>
<body>
<h3>Parts Buyer</h3>
<p>Company: $company</p>
<p>Name: $name</p>
<p>Telephone: $telephone</p>
<p>Email: $email</p>
<h3>Please quote the following:</h3>
<table name='contact_seller' style='border-collapse:collapse';>
<thead>
<tr>
<th>ID</th>
<th>Part Number</th>
<th>Description</th>
<th>Quantity</th>
</tr>
</thead>
<tbody>";
// NOTE(review): the $item fields go into the HTML without encoding. Where
// $cart comes from is not shown here; if any field can hold visitor-supplied
// text, wrap it in htmlspecialchars() before it is placed in the <td>.
foreach($cart as $item) {
// Append one table row for this cart item.
$message .="<tr>
<td>" . $item['id'] ."</td>
<td>".$item['part_number']."</td>
<td>".$item['description']."</td>
<td>".$item['quantity']."</td>
</tr>";
}
// Close the table and the document.
$message .= "</tbody>
</table>
<p>End of buyer data report</p>
<hr />
</body>
</html>"; //end of $message
Take note specifically of:
<tbody>";
foreach($cart as $item) {
$message .="<tr>
<td>" . $item['id'] ."</td>
<td>".$item['part_number']."</td>
<td>".$item['description']."</td>
<td>".$item['quantity']."</td>
</tr>";
}
$message .= "</tbody>
</table>
Related
I have the following mail script with the structure shown below:
<?php
$to = 'example#testing';
$subject = 'Testing';
$from = 'test#email.com';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Create email headers
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
// Compose a simple HTML email message
$message = '<html><body>';
$message .= '<h1 style="color:#f40;">Hi!</h1>';
$message .= '<p style="color:#080;font-size:18px;">This is a test.</p>';
$message .= '</body></html>';
// Sending email
if(mail($to, $subject, $message, $headers)){
echo 'Your mail has been sent successfully.';
} else{
echo 'Unable to send email. Please try again.';
}
?>
I then would like to put the following table inside the body as well but when adding the following, the PHP does not work:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<style type="text/css">
tr.header
{
font-weight:bold;
}
tr.alt
{
background-color: #777777;
}
</style>
<script type="text/javascript">
$(document).ready(function(){
$('.striped tr:even').addClass('alt');
});
</script>
<title></title>
</head>
<body>
<?php
$server = mysql_connect("localhost","root", "");
$db = mysql_select_db("MyDatabase",$server);
$query = mysql_query("SELECT first_name, last_name, sign_date FROM Table1 WHERE sign_date = NOW()");
?>
<table class="striped">
<tr class="header">
<td>first_name</td>
<td>last_name</td>
<td>sign_date</td>
</tr>
<?php
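// One table row per result row. The keys are quoted: a bare first_name is
// looked up as a constant and only falls back to the string with a notice.
// Values are HTML-encoded because they are written into the page as text.
while ($row = mysql_fetch_array($query)) {
    echo "<tr>";
    echo "<td>" . htmlspecialchars($row['first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars($row['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars($row['sign_date'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "</tr>";
}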
?>
</table>
<?php
$server = mysql_connect("localhost","root", "");
$db = mysql_select_db("MyDatabase",$server);
$query = mysql_query("SELECT employee_id, job_title, address FROM Table1 WHERE sign_date = NOW()");
?>
<table class="striped">
<tr class="header">
<td>employee_id</td>
<td>job_title</td>
<td>address</td>
</tr>
<?php
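// One table row per result row. The keys are quoted: a bare employee_id is
// looked up as a constant and only falls back to the string with a notice.
// Values are HTML-encoded because they are written into the page as text.
while ($row = mysql_fetch_array($query)) {
    echo "<tr>";
    echo "<td>" . htmlspecialchars($row['employee_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars($row['job_title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "<td>" . htmlspecialchars($row['address'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
    echo "</tr>";
}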
?>
</table>
</body>
</html>
How can the two simply be added together. The PHP does not seem to be read and is ignored when combining the two, what is the most effective way of having the two scripts work together?
You can likely combine the two parts like this - the PHP code needs to run before the mail is sent ( I found the "but when adding the following, the PHP does not work" a little confusing )
<?php
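// NOTE(review): this connects as the MySQL root account with an empty
// password. A dedicated account limited to SELECT on the tables it reads,
// with its credentials kept outside the script, is the safer setup. The
// mysql_* extension was removed in PHP 7.0; mysqli and PDO replace it.
$server = mysql_connect("localhost","root", "");
$db = mysql_select_db("MyDatabase",$server);

$to = 'example#testing';
$subject = 'Testing';
$from = 'test#email.com';

// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Create email headers. X-Mailer tells every recipient the exact PHP version
// in use; leave that line out if the version should not be disclosed.
$headers .= 'From: '.$from."\r\n".
    'Reply-To: '.$from."\r\n" .
    'X-Mailer: PHP/' . phpversion();

// Encode a database value for use as text inside the HTML message. The
// charset matches the Content-type header above; being single-byte, it never
// rejects a value as malformed and only rewrites & < > " and '.
$cell = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
};

// The PHP has to run before the mail is sent: each query result is appended
// to $message as table rows, and the finished string becomes the body.
$message="
<html>
<head>
<title></title>
<style>
tr.header { font-weight:bold; }
tr.alt { background-color: #777777; }
tr:nth-of-type(even) td{background-color:#777777}
</style>
</head>
<body>
<table class='striped'>
<tr class='header'>
<td>first_name</td>
<td>last_name</td>
<td>sign_date</td>
</tr>";

// NOTE(review): NOW() carries a time of day, so sign_date = NOW() can only
// match rows stamped with the current instant; CURDATE() may be what was
// meant - confirm against the column type.
$query = mysql_query('SELECT first_name, last_name, sign_date FROM Table1 WHERE sign_date = NOW()');
// mysql_query() returns false on failure; skip the rows rather than fetch from false.
while ( $query && ( $row = mysql_fetch_array( $query ) ) ) {
    $message.='
<tr>
<td>'.$cell($row['first_name']).'</td>
<td>'.$cell($row['last_name']).'</td>
<td>'.$cell($row['sign_date']).'</td>
</tr>';
}

$message.="
</table>
<table class='striped'>
<tr class='header'>
<td>employee_id</td>
<td>job_title</td>
<td>address</td>
</tr>";

$query = mysql_query('SELECT employee_id, job_title, address FROM Table1 WHERE sign_date = NOW()');
while ( $query && ( $row = mysql_fetch_array( $query ) ) ) {
    // Keys are quoted here as in the first loop; the bare employee_id,
    // job_title and address of the original were read as constants.
    $message.='
<tr>
<td>'.$cell($row['employee_id']).'</td>
<td>'.$cell($row['job_title']).'</td>
<td>'.$cell($row['address']).'</td>
</tr>';
}

$message.="
</table>
</body>
</html>
";

// Sending email
if(mail($to, $subject, $message, $headers)){
    echo 'Your mail has been sent successfully.';
} else{
    echo 'Unable to send email. Please try again.';
}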
?>
When you add the HTML to the body it becomes a string.
A string can have PHP variables interpolated into it, but it cannot execute PHP code.
You'll have to execute the PHP code in advance. Add the data from the PHP code to the HTML and then add the HTML to the message body.
EDIT:
This is an example of how it would work:
<?php
$html = generateHTML();
$to = 'example#testing';
$subject = 'Testing';
$from = 'test#email.com';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Create email headers
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
// Compose a simple HTML email message
$message = $html;
// Sending email
if(mail($to, $subject, $message, $headers)){
echo 'Your mail has been sent successfully.';
} else{
echo 'Unable to send email. Please try again.';
}
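/**
 * Build the HTML body for the report mail from two queries on Table1.
 *
 * Opens the database connection, runs both SELECTs and returns one HTML
 * document containing a table per query.
 *
 * @return string Complete HTML document.
 */
function generateHTML(){
    // Encode a database value for use as text inside the markup. A
    // single-byte charset never rejects a value as malformed and only
    // rewrites & < > " and '.
    $cell = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };

    // NOTE(review): mail clients generally do not run scripts, so the jQuery
    // striping in this markup is unlikely to have any effect in the message.
    $html = '<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><style type="text/css">tr.header{font-weight:bold;}tr.alt{background-color: #777777;}</style><script type="text/javascript">$(document).ready(function(){$(".striped tr:even").addClass("alt");});</script><title></title></head><body><table class="striped"><tr class="header"><td>first_name</td><td>last_name</td><td>sign_date</td></tr>';

    // NOTE(review): root with an empty password; use a dedicated account
    // limited to what these queries need. One connection serves both
    // queries, so the second connect of the original is dropped.
    $server = mysql_connect("localhost","root", "");
    $db = mysql_select_db("MyDatabase",$server);

    $query = mysql_query("SELECT first_name, last_name, sign_date FROM Table1 WHERE sign_date = NOW()");
    // mysql_query() returns false on failure; skip the rows in that case.
    while ($query && ($row = mysql_fetch_array($query))) {
        // Quoted keys: a bare first_name is read as a constant.
        $html.="<tr>";
        $html.="<td>".$cell($row['first_name'])."</td>";
        $html.="<td>".$cell($row['last_name'])."</td>";
        $html.="<td>".$cell($row['sign_date'])."</td>";
        $html.="</tr>";
    }

    // The job_title header cell was missing its opening "<" in the original.
    $html.='</table><table class="striped"><tr class="header"><td>employee_id</td><td>job_title</td><td>address</td></tr>';

    $query = mysql_query("SELECT employee_id, job_title, address FROM Table1 WHERE sign_date = NOW()");
    while ($query && ($row = mysql_fetch_array($query))) {
        $html.="<tr>";
        $html.="<td>".$cell($row['employee_id'])."</td>";
        $html.="<td>".$cell($row['job_title'])."</td>";
        $html.="<td>".$cell($row['address'])."</td>";
        $html.="</tr>";
    }

    $html.= '</table></body></html>';
    return $html;
}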
?>
I'm working in PHP and I have a simple shopping cart which adds items when you click the add button.
Everything is collected in a variable called $cartOutput
When I echo it, it gives me everything in the cart as expected. Same with var_dump . Everything is there
However, when I try to put it in an email and send it off. It cuts off the first item. Can anyone think of why this might be?
Nothing filters it before it is put into the email. It is simply what is in the variable
here is an example...
// e.g of the php variable being assembled for each item
$cartOutput .= "<tr>";
$cartOutput .= "<td>" . $product_name . "</td>";
$cartOutput .= "<td>$" . $price . "</td>";
// emailing the variables off here
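if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    // Read one form field as text ('' when it is missing or not a string) and
    // HTML-encode it, because every value below is placed inside markup.
    $field = function ($key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE);
    };

    $company = $field('company');
    $name = $field('name');
    $address = $field('address');
    $address2 = $field('address2');
    $commercialAdd = $field('commercial');
    $residentialAdd = $field('residential');
    $city = $field('city');
    $province = $field('province');
    $postal_code = $field('postal_code');
    $email = $field('email');
    // NOTE(review): the original printed $phone without ever assigning it;
    // this assumes the form posts a field named "phone" - confirm.
    $phone = $field('phone');
    $special_instructions = $field('special_instructions');

    $date = date("Y/m/d");
    $time = date("h:i:sa");
    $to = "xxx#gmail.com";
    $header = "Cc:xxx#somedomain.com \r\n";

    // The subject is a header field, not HTML: use the raw company name and
    // keep it on one line.
    $subject_company = (isset($_POST['company']) && is_string($_POST['company']))
        ? str_replace(array("\r", "\n"), ' ', $_POST['company'])
        : '';
    $subject = "Email Order - $subject_company ($date - $time)";

    // Changes from the original markup: $Name is now $name (variable names
    // are case-sensitive), the Residential and Commercial labels show their
    // own values instead of each other's, and the totals row is closed with
    // </tr>. $cartOutput and the totals are built elsewhere in the script.
    $message = <<<EOD
<h1>Email Order - $date - $time </h1>
<h3><strong><u>Company:</u></strong> $company</h3>
<h3><strong><u>Name:</u></strong> $name </h3>
<h3><strong><u>Address:</u></strong> $address<br>
$address2</h3>
<h3><strong><u>Residential:</u></strong> $residentialAdd </h3>
<h3><strong><u>Commercial:</u></strong> $commercialAdd </h3>
<h3><strong><u>City:</u></strong> $city</h3>
<h3><strong><u>Province:</u></strong> $province</h3>
<h3><strong><u>Postal Code:</u></strong> $postal_code</h3>
<h3><strong><u>Phone Number:</u></strong> $phone</h3>
<h3><strong><u>Email:</u></strong> $email</h3>
<h3><strong><u>Special Instructions:</u></strong> $special_instructions</h3>
<table>
<thead>
<tr>
<th>Item</th>
<th>Price</th>
<th>Weight (Kg)</th>
<th>Qty</th>
<th>Subtotal</th>
<th></th>
</tr>
</thead>
<tbody>
$cartOutput
<tr>
<td class="totals"><strong>Total</strong></td>
<td class="totals"> </td>
<td class="totals">$weightTotal kg</td>
<td class="totals">$quantityTotal</td>
<td class="totals">$ $cartTotal</td>
<td class="totals"> </td>
</tr>
</tbody>
</table>
EOD;

    $header .= "MIME-Version: 1.0\r\n";
    $header .= "Content-type: text/html\r\n";
    $retval = mail ($to,$subject,$message,$header);
    if( $retval == true ) {
        header("location: complete.php");
        exit();
    }
    else {
        echo "Order could not be sent. Please try again or contact our office for assistance";
    }
}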
You are probably running into an email format issue. mail() requires each line of the body to end in \r\n and to be less than 70 characters long. You will need to encode your HTML or include it as an attachment. See this set of instructions for an example.
I'm creating a form on my site. I want the customers to be able to write and send Greek characters, but in the mail I'm getting something like this Ï≥εÏ∞Ï≥ ελληÎ∏Βκα instead of Greek characters. I tried to change the encoding to UTF-8 with this code:
mail($recipient, $subject, '=?UTF-8?B?'.base64_encode($content).'?=');
This code works on another server that I've tested it on, but it doesn't work on my server. Can anybody help?
Here is my full php code
<?php
if ((isset($_POST['name'])) && (strlen(trim($_POST['name'])) > 0)) {
$name = stripslashes(strip_tags($_POST['name']));
} else {$name = 'No name entered';
}
if ((isset($_POST['lastname'])) && (strlen(trim($_POST['lastname'])) > 0)) {
$lastname = stripslashes(strip_tags($_POST['lastname']));
} else {$lastname = 'No name entered';
}
if ((isset($_POST['nomos'])) && (strlen(trim($_POST['nomos'])) > 0)) {
$nomos = stripslashes(strip_tags($_POST['nomos']));
} else {$nomos = 'No name entered';
}
if ((isset($_POST['polh'])) && (strlen(trim($_POST['polh'])) > 0)) {
$polh = stripslashes(strip_tags($_POST['polh']));
} else {$polh = 'No name entered';
}
if ((isset($_POST['address'])) && (strlen(trim($_POST['address'])) > 0)) {
$address = stripslashes(strip_tags($_POST['address']));
} else {$address = 'No name entered';
}
if ((isset($_POST['TK'])) && (strlen(trim($_POST['TK'])) > 0)) {
$TK = stripslashes(strip_tags($_POST['TK']));
} else {$TK = 'No name entered';
}
if ((isset($_POST['email'])) && (strlen(trim($_POST['email'])) > 0)) {
$email = stripslashes(strip_tags($_POST['email']));
} else {$email = 'No email entered';
}
if ((isset($_POST['phone'])) && (strlen(trim($_POST['phone'])) > 0)) {
$phone = stripslashes(strip_tags($_POST['phone']));
} else {$phone = 'No phone entered';
}
if ((isset($_POST['sxolia'])) && (strlen(trim($_POST['sxolia'])) > 0)) {
$sxolia = stripslashes(strip_tags($_POST['sxolia']));
} else {$sxolia = 'Δεν υπάρχουν σχόλια';
}
ob_start();
?>
<html>
<head>
<style type="text/css">
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<table width="550" border="1" cellspacing="2" cellpadding="2">
<tr bgcolor="#eeffee">
<td>Όνομα</td>
<td><?=$name; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Επίθετο</td>
<td><?=$lastname; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Νομός</td>
<td><?=$nomos; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Πόλη</td>
<td><?=$polh; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Διεύθυνση</td>
<td><?=$address; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>T.Κ</td>
<td><?=$TK; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Τηλέφωνο</td>
<td><?=$phone; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Email</td>
<td><?=$email; ?></td>
</tr>
<tr bgcolor="#eeffee">
<td>Σχόλια</td>
<td><?=$sxolia; ?></td>
</tr>
</table>
</body>
</html>
<?
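// NOTE(review): ob_get_contents() copies the buffer without discarding it, so
// the same HTML is also sent to the browser when the script ends.
// ob_get_clean() would keep it out of the response - confirm which is intended.
$body = ob_get_contents();
$to = 'mymail#yahoo.gr';
$email = 'mymail#yahoo.gr';
$fromaddress = "address";
$fromname = "Online Contact";
require ("phpmailer.php");
$mail = new PHPMailer();
// PHPMailer labels the message iso-8859-1 unless told otherwise. The form
// data and the template are UTF-8, so declare that, or Greek text is
// decoded with the wrong charset by the receiving client.
$mail -> CharSet = 'UTF-8';
$mail -> From = "address";
$mail -> FromName = "Book Order";
$mail -> AddAddress("mymail#gmail.com", "Name 5");
$mail -> WordWrap = 50;
$mail -> IsHTML(true);
$mail -> Subject = "Book Form: Book form submitted";
$mail -> Body = $body;
$mail -> AltBody = "This is the text-only body";
if (!$mail -> Send()) {
    // Fallback through mail() when PHPMailer reports a failure.
    $recipient = 'mymail#yahoo.gr';
    $subject = 'Contact form failed';
    $content = $body;
    // The charset of the body is declared in the headers. The
    // =?UTF-8?B?...?= encoded-word form is only for header fields, so the
    // body is sent as ordinary base64 with a matching transfer encoding,
    // which also keeps every line short.
    $header = 'MIME-Version: 1.0' . "\r\n";
    $header .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
    $header .= 'Content-Transfer-Encoding: base64' . "\r\n";
    // The original passed $recepient, an undefined variable, as the recipient.
    mail($recipient, $subject, chunk_split(base64_encode($content)), $header);
    exit ;
}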
?>
The encoded-word syntax is expected for the subject or other header field values but not for the body; there you can use MIME and Content-Type:
$headerFields = array('MIME-Version: 1.0', 'Content-Type: text/plain;charset=utf-8');
mail($recipient, '=?UTF-8?B?'.base64_encode($subject).'?=', $content, implode("\r\n", $headerFields));
Try this.
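// Declare the body's charset in the headers. The =?UTF-8?B?...?= encoded-word
// form applies to header fields such as the subject, not to the body, and the
// recipient variable is $recipient (the original had it misspelled).
$header = 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/plain; charset=UTF-8' . "\r\n";
mail($recipient, '=?UTF-8?B?'.base64_encode($subject).'?=', $content, $header);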
use Content-type: text/html if you are sending a html email.
Where does $content come from? Do you do anything like substr($content) that's not multibyte-safe, before mail()ing it?
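/* Set internal character encoding to UTF-8 */
mb_internal_encoding("UTF-8");

// Header values must stay on one line. $name and $email presumably come from
// the submitted form (confirm against the caller), so CR and LF are removed
// before they are placed in a header field.
$one_line = function ($value) {
    return str_replace(array("\r", "\n"), '', (string) $value);
};

// Every header field ends with CRLF; without it the fields run together into
// one unparseable line. MIME defines version 1.0 only.
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
$headers .= 'From: ' . $one_line($name) . ' <' . $one_line($email) . '>' . "\r\n";
$headers .= 'Return-Path: ' . $one_line($emailTo) . "\r\n";
$headers .= 'Reply-To: ' . $one_line($email) . "\r\n";
$headers .= "X-Mailer: PHP/". phpversion();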
That happens with Greek Characters φίλε μου.
I edited the settings of my mailbox.
For example in Roundcube
Settings > Displaying Messages > Advanced Settings >
Default Character Set = UTF-8 (Unicode)
I found a solution at web after 8 hours dealing with the same problem...
It worked for me (php, html form and mysql) =>
http://akrabat.com/php/utf8-php-and-mysql/
I'm trying to make a conditional statement to stop an email alert when the fail.php is called. Right now I'm getting an email alert for both good and fail results.
I do not want to receive an email if the result failed. Should I make two scripts, or is there a way to make this work together?
Thanks
Here is the section I'm referring to along with the whole script.
if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
<?
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\"$>$connect_date</td>
</tr>
<tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
mail($to, $subject, $msg, $headers);
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
$order = "INSERT INTO reg_add (submit_date,
connect_date,
reg,
first_name,
)
VALUES
('$submit_date',
'$_POST[connect_date]',
'{$_POST[reg]}nv',
'$_POST[first_name]')";
$result = mysql_query($order);
if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
?>
Remove the first instance of mail($to, $subject, $msg, $headers);.
Then, for good measure, check the number of rows affected, rather than true/false (although both should work).
if (mysql_affected_rows($result) > 0) {
}
If you check your code
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: Homeless' . "\r\n";
mail($to, $subject, $msg, $headers);
date_default_timezone_set('America/Los_Angeles');
This code already sends the mail regardless of the result.
You just need to remove this line from top code
mail($to, $subject, $msg, $headers);
and your code will work fine.
Final code, kindly test it:
<?
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\"$>$connect_date</td>
</tr>
<tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
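date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;

// Read one value from the POST body only; '' when missing or not a string.
$posted = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};
$connect_date = $posted('connect_date');
$reg = $posted('reg');
$first_name = $posted('first_name');
// NOTE(review): $msg was built further up from $reg, $first_name and
// $connect_date before any of them is assigned in the code shown, so the
// mail body will lack those values unless $msg is built after this point.

// Every value is escaped before it is placed between quotes in the SQL text.
// Prepared statements (mysqli or PDO) are the durable fix; the mysql_*
// extension has none and was removed in PHP 7.0. The trailing comma after
// first_name in the original column list made the statement invalid.
$order = "INSERT INTO reg_add (submit_date, connect_date, reg, first_name)
VALUES ('" . mysql_real_escape_string($submit_date) . "', '"
    . mysql_real_escape_string($connect_date) . "', '"
    . mysql_real_escape_string($reg . 'nv') . "', '"
    . mysql_real_escape_string($first_name) . "')";
$result = mysql_query($order);

// mysql_affected_rows() takes a link identifier, not the value returned by
// mysql_query(); called without arguments it uses the last opened link.
if ($result && mysql_affected_rows() > 0) {
    // The alert is sent only after the row has been stored.
    mail($to, $subject, $msg, $headers);
    header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
    exit();
}
else {
    header("location: reg_add_fail.php");
    exit(); // as sugested by John Conde
}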
?>
I currently see some SQL injection risks, plus an invalid query (an extra comma after first_name), constants used as keys on the $_POST array, a mix of $_REQUEST and $_POST, a large block of HTML in the code, and no checks on the validity of the values passed.
If you check for valid values then you can determine if the script should continue to the mail and update the database parts:
Heres a clean up of your code hope it helps:
<?php
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['first_name']) && strlen($_POST['first_name'])>1){
$first_name=$_POST['first_name'];
}
if(isset($_POST['reg']) && strlen($_POST['reg'])>1){
$reg=$_POST['reg'];
}
if(isset($_POST['connect_date']) && strlen($_POST['connect_date'])>1){
$connect_date=$_POST['connect_date'];
}
if(!isset($first_name) || !isset($reg) || !isset($connect_date)){
header("location: reg_add_fail.php");
exit();
}
}else{
//the page the post from
header("location: reg_form.php");
exit();
}
$msg=<<<EMAIL
<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing="0" cellpadding="10" border="1" align="left">
<tr>
<td align="left" width="150px">Registery No.:</td>
<td align="left">$reg</td>
</tr>
<tr>
<td align="left">First Name:</td>
<td align="left">$first_name </td>
</tr>
<tr>
<td align="left">Connection Date:</td>
<td align="left">$connect_date</td>
</tr>
<tr>
<td align="left" colspan="2">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
EMAIL;
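// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
// NOTE(review): $msg, built above, interpolates the posted values into HTML
// as they arrived; passing them through htmlspecialchars() first keeps markup
// in a form field from becoming part of the message.
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
// Store the row first. The original left out the opening quote before
// connect_date, which made the statement invalid.
$order = "INSERT INTO reg_add (submit_date,connect_date, reg, first_name)
VALUES ('{$submit_date}','".mysql_real_escape_string($connect_date)."','".mysql_real_escape_string($reg)."nv','".mysql_real_escape_string($first_name)."')";
$result = mysql_query($order);
if ($result) {
    // Mail and the success page only when the insert went through.
    mail($to, $subject, $msg, $headers);
    header("Location: ./reg_add_success.php?reg=".urlencode($reg)."&first_name=".urlencode($first_name));
} else {
    header("location: reg_add_fail.php");
}
die;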
?>
I just discovered that I'm still receiving an email EVEN when there is an error (reg_add_fail.php). Is it possible to stop the script from emailing me IF the client is directed to reg_add_fail.php? Confused...
I simplified the script to condense.
Many thanks.
Erik
<?
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\"$>$connect_date</td>
</tr>
<tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
mail($to, $subject, $msg, $headers);
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
$order = "INSERT INTO reg_add (submit_date,
connect_date,
reg,
first_name,
)
VALUES
('$submit_date',
'$_POST[connect_date]',
'{$_POST[reg]}nv',
'$_POST[first_name]')";
$result = mysql_query($order);
if ($result) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
?>
Put exit() after the redirect
header("location: reg_add_fail.php");
exit();
Just because you call header() doesn't mean the script stops executing immediately. Calling exit() will.
In your code, the PHP mail() function is being called outside the IF statement, so, you always get the email.
To send the email only when the query runs without errors, place the mail() inside the if statement!
PHP
if ($result) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
EDITED TO SHOW THE ENTIRE CODE:
<?php
// Email Recipient
$to = 'newreg#41q.org';
// Email Subject
$subject = 'New Homeless Connection';
// Email Message
$msg = '
<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing="0" cellpadding="10" border="1" align="left">
<tr>
<td align="left" width="150px">Registery No.:</td>
<td align="left">'.$reg.'</td>
</tr>
<tr>
<td align="left">First Name:</td>
<td align="left">'.$first_name.'</td>
</tr>
<tr>
<td align="left">Connection Date:</td>
<td align="left">'.$connect_date.'</td>
</tr>
<tr>
<td align="left" colspan="2">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>';
// Email Headers
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
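// Read one value from the POST body only; '' when missing or not a string.
$posted = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};
$reg = $posted('reg');
$first_name = $posted('first_name');

// Prepare Database Query. Every value is escaped before it is placed between
// quotes in the SQL text. Prepared statements (mysqli or PDO) are the durable
// fix; the mysql_* extension has none and was removed in PHP 7.0.
$order = "
INSERT INTO reg_add (
submit_date,
connect_date,
reg,
first_name
)
VALUES (
'".mysql_real_escape_string($submit_date)."',
'".mysql_real_escape_string($posted('connect_date'))."',
'".mysql_real_escape_string($reg . 'nv')."',
'".mysql_real_escape_string($first_name)."'
)";
// Query Database
$result = mysql_query($order);
// Check If the result is valid
if ($result) {
    // send email only once the row has been stored
    mail($to, $subject, $msg, $headers);
    // direct the user to the reg_add_success Page
    header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
    // header() does not stop the script; exit so nothing runs after the redirect
    exit();
}
else {
    // send the user to the reg_add_fail Page
    header("location: reg_add_fail.php");
    // exit from the script
    exit();
}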
?>