I am trying to echo a for loop inside a html mail message, the loop is
for($i=0; $i<$arrlength; $i++)
{
echo $mailroom[$i] ;
if ($i<($arrlength-1) )
{
echo " & ";
}
}
It is printing the results perfectly, but it not printing any result at the html message, the html message is
$headers = "From: ". "XXXX" . "<" . $frommail . ">\r\n";
$headers .= "Reply-To: " . $frommail . "\r\n";
$headers .= "Return-path: ". $frommail;
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$sendmessage = "
<html>
<head>
<title>XXXXXX DETAILS</title>
</head>
<body>
<p>DATA FOR XXXXXXXXXX</p>
<table border=1>
<tr>
<th>Booked on</th>
<th>Name</th>
<th>Bank</th>
<th>UIN</th>
<th>Phone</th>
<th>From</th>
<th>To</th>
<th>Room No.s</th>
<th>Tariff</th>
<th>Caution Money</th>
<th>Courier</th>
<th>Bank Charges</th>
<th>Total Received</th>
</tr>
<tr>
<td>$mailtoday</td>
<td>$name (ESP)</td>
<td> </td>
<td>$uin</td>
<td>$phone</td>
<td>$mailfrom</td>
<td>$mailto</td>
<td>
**for($i=0; $i<$arrlength; $i++)
{
echo $mailroom[$i] ;
if ($i<($arrlength-1) )
{
echo " & ";
}
}**
</td>
<td>$room_total</td>
<td>$c_money</td>
<td>$courier</td>
<td>$b_charges</td>
<td>$totalreceived</td>
</tr>
</table>
</body>
</html>
";
`
Can I put the for loop inside a variable so that I can use it withing the html message or otherwise later.
You have to close off your string before attempting to use a non-string value. In this case I'd do like this:
"<td>$name (ESP)</td>
<td> </td>
<td>$uin</td>
<td>$phone</td>
<td>$mailfrom</td>
<td>$mailto</td>
<td>" . implode(' & ', $mailroom) . "</td>
<td>$room_total</td>
<td>$c_money</td>"
You cannot use a for-loop (or any other statement for that matter) in a string.
Instead you need to concatenate your string inside the loop. For example:
$myString = "test ";
for($i = 0; $i < 3; $i++) {
$myString = $myString . "$i, ";
}
$myString = $myString . " end!";
echo $myString; // shows "test 1, 2, 3, end!"
(I created this small example, as you code snippet is quite long, but the same applies)
No,You can't do this. The double quotation marks is for variable replacement. Not for code running.
Try this
$headers = "From: ". "XXXX" . "<" . $frommail . ">\r\n";
$headers .= "Reply-To: " . $frommail . "\r\n";
$headers .= "Return-path: ". $frommail;
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$sendmessage = "
<html>
<head>
<title>XXXXXX DETAILS</title>
</head>
<body>
<p>DATA FOR XXXXXXXXXX</p>
<table border=1>
<tr>
<th>Booked on</th>
<th>Name</th>
<th>Bank</th>
<th>UIN</th>
<th>Phone</th>
<th>From</th>
<th>To</th>
<th>Room No.s</th>
<th>Tariff</th>
<th>Caution Money</th>
<th>Courier</th>
<th>Bank Charges</th>
<th>Total Received</th>
</tr>
<tr>
<td>$mailtoday</td>
<td>$name (ESP)</td>
<td> </td>
<td>$uin</td>
<td>$phone</td>
<td>$mailfrom</td>
<td>$mailto</td>
<td>";
for($i=0; $i<$arrlength; $i++)
{
$sendmessage.= $mailroom[$i] ;
if ($i<($arrlength-1) )
{
$sendmessage .= "& ";
}
}
$sendmessage.=" </td>
<td>$room_total</td>
<td>$c_money</td>
<td>$courier</td>
<td>$b_charges</td>
<td>$totalreceived</td>
</tr>
</table>
</body>
</html>";
use this code, you missed php opening <?php and closing ?> tags
$sendmessage .= ".........<td>";
for($i=0; $i<$arrlength; $i++)
{
$sendmessage .= $mailroom[$i] ;
if ($i<($arrlength-1) )
{
$sendmessage .= " & ";
}
}
$sendmessage .= "</td>.........";
Related
I want to send email with multiple rows from database in php but when I send email that time send multiple email with single row data but I want single email with multiple rows.
I don't know where I am wrong. Below is my running code in php and mysql.
$fm_id = $_POST['fm_id'];
$issue = $_POST['issue'];
$resolution = $_POST['resolution'];
$fstatus = $_POST['fstatus'];
$date3= date("Y-m-d h:i:s");
$time2= date("h:i:s");
for ($i = 0; $i < count($fm_id); $i++)
{
$update=("UPDATE fm_status SET problem='$issue[$i]', solution='$resolution[$i]',status='$fstatus[$i]' WHERE fm_id='$fm_id[$i]'");
$res=mysql_query($update);
$update1=("UPDATE fm_status SET date2='$date3', time2='$time2' WHERE fm_id='$fm_id[$i]'");
$res1=mysql_query($update1);
$to ='abc#gmail.com'. ', ';
$to .='abc#abc.com';
$subject="Ticket Details from ";
$header="Solution ";
$header = 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header .= 'From: FM Engineer<solution#abc.com>' . "\r\n" ;
$message = '<html><body>';
$message .= '<head>';
$message .= '</head>';
$message .= " <align=center> <div id='apDiv2'>
<table id='table1' border='1' cellpadding='5' cellspacing='5' class='tinytable cf'>
<thead>
<tr>
<th><h3> Raised By </h3></th>
<th><h3> Issue </h3></th>
<th><h3> Resolution </h3></th>
<th><h3> Status </h3></th>
</tr> </thead>
<tbody>
<td> ".$issue[$i]."</td>
<td> ".$issue[$i]."</td>
<td> ".$resolution[$i]."</td>
<td> ".$issue[$i]."</td>
</tr><tbody></table>";
$message .= '<br>';
$message .= "</body></html>";
$sentmail = mail($to,$subject,$message,$header);
echo $sentmail;
}
I think this is more along the lines of what you are looking for (I am not going to reiterate the warnings regarding mysql_* functions). If you are trying to add rows to your table to send in one email, then just have the rows built by the for loop like so:
$fm_id = $_POST['fm_id'];
$issue = $_POST['issue'];
$resolution = $_POST['resolution'];
$fstatus = $_POST['fstatus'];
$date3= date("Y-m-d h:i:s");
$time2= date("h:i:s");
$to ='abc#gmail.com'. ', ';
$to .='abc#abc.com';
$subject="Ticket Details from ";
$header="Solution ";
$header = 'MIME-Version: 1.0' . "\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header .= 'From: FM Engineer<solution#abc.com>' . "\r\n" ;
$message = '<html>';
$message .= '<head>';
$message .= '</head><body>';
$message .= " <align=center> <div id='apDiv2'>
<table id='table1' border='1' cellpadding='5' cellspacing='5' class='tinytable cf'>
<thead>
<tr>
<th><h3> Raised By </h3></th>
<th><h3> Issue </h3></th>
<th><h3> Resolution </h3></th>
<th><h3> Status </h3></th>
</tr> </thead>
<tbody>";
for ($i = 0; $i < count($fm_id); $i++)
{
$update=("UPDATE fm_status SET problem='$issue[$i]', solution='$resolution[$i]',status='$fstatus[$i]' WHERE fm_id='$fm_id[$i]'");
$res=mysql_query($update);
$update1=("UPDATE fm_status SET date2='$date3', time2='$time2' WHERE fm_id='$fm_id[$i]'");
$res1=mysql_query($update1);
$message .= "<tr>
<td> ".$issue[$i]."</td>
<td> ".$issue[$i]."</td>
<td> ".$resolution[$i]."</td>
<td> ".$issue[$i]."</td>
</tr>";
}
$message .= '<tbody></table><br>';
$message .= "</body></html>";
$sentmail = mail($to,$subject,$message,$header);
echo $sentmail;
I want the email message which contain the order details of customers.This code is ok for only one order but I don't know how to send message if customer select more than one products.
Here is my code :
include('connect.php');
if(!isset($_SESSION["id"]))
{
header("location:order_login.php");
}
$id=$_SESSION["id"];
$emp_name=$_SESSION['name'];
$result=$mysqli->query("select order_id from orders where user_id='$id' ORDER BY order_id desc limit 1");
$obj=$result->fetch_object();
$order_id=$obj->order_id;
$results=$mysqli->query("select * from order_details where order_id=$order_id");
while($obj=$results->fetch_object())
{
$product_name=$obj->product_name;
$product_code=$obj->product_code;
$qty=$obj->qty;
$subtotal=$obj->sub_total;
}
$to="demo#gmail.com";
$bcc_mail="demo#gmail.com";
$subject= "Order Confirmation";
$message ='
<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tr>
<td>Name</td>
<td>Product Code</td>
<td>Quantity</td>
<td>Sub Total</td>
</tr>
<tr>
<td>'.$product_name.'</td>
<td>'.$product_code.'</td>
<td>'.$qty.'</td>
<td>'.$subtotal.'</td>
</tr>
</table>';
echo $message;
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: test#gmail.com'."\r\n";
$headers .= "Bcc: $bcc_mail\r\n";
mail($to, $subject, $message, $headers);
unset($_SESSION['products']);
?>
please check my code thanks.
You should create a new tr section for each product:
include('connect.php');
if(!isset($_SESSION["id"]))
{
header("location:order_login.php");
}
$id=$_SESSION["id"];
$emp_name=$_SESSION['name'];
$result=$mysqli->query("select order_id from orders where user_id='$id' ORDER BY order_id desc limit 1");
$obj=$result->fetch_object();
$order_id=$obj->order_id;
$to="demo#gmail.com";
$bcc_mail="demo#gmail.com";
$subject= "Order Confirmation";
$message ='
<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tr>
<td>Name</td>
<td>Product Code</td>
<td>Quantity</td>
<td>Sub Total</td>
</tr>';
$results=$mysqli->query("select * from order_details where order_id=$order_id");
while($obj=$results->fetch_object())
{
$product_name=$obj->product_name;
$product_code=$obj->product_code;
$qty=$obj->qty;
$subtotal=$obj->sub_total;
$message .='
<tr>
<td>'.$product_name.'</td>
<td>'.$product_code.'</td>
<td>'.$qty.'</td>
<td>'.$subtotal.'</td>
</tr>';
}
$message .='
</table>';
echo $message;
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: test#gmail.com'."\r\n";
$headers .= "Bcc: $bcc_mail\r\n";
mail($to, $subject, $message, $headers);
unset($_SESSION['products']);
?>
Please try this code hope this helps:
$result=$mysqli->query("select order_id from orders where user_id='$id' ORDER BY order_id desc limit 1");
$obj=$result->fetch_object();
$order_id=$obj->order_id;
$results=$mysqli->query("select * from order_details where order_id=$order_id");
$to="demo#gmail.com";
$bcc_mail="demo#gmail.com";
$subject= "Order Confirmation";
$message .='<table width="100%" border="1" cellpadding="0" cellspacing="0">
<tr>
<td>Name</td>
<td>Product Code</td>
<td>Quantity</td>
<td>Sub Total</td>
</tr>';
while($obj=$results->fetch_object())
{
$product_name=$obj->product_name;
$product_code=$obj->product_code;
$qty=$obj->qty;
$subtotal=$obj->sub_total;
$message .= '
<tr>
<td>'.$product_name.'</td>
<td>'.$product_code.'</td>
<td>'.$qty.'</td>
<td>'.$subtotal.'</td>
</tr>';
}
$message .= '</table>';
echo $message;
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: test#gmail.com'."\r\n";
$headers .= "Bcc: $bcc_mail\r\n";
mail($to, $subject, $message, $headers);
unset($_SESSION['products']);
?>
What I did here is just looping the tr which contains data from the db. I haven't tried it though but sure it'll work. Enjoy!
This question already has answers here:
php send e-mail with PDF attachment
(4 answers)
Closed 7 years ago.
Good day! My code is working great if the format is in msword but when i changed it to PDF it becomes corrupted what should i do? Please help me.
$headers = "From:<noreply#example.com.ph>";
$to = 'example#example.com';
$subject = 'Purchase Order';
$message .= 'Please see attached file';
$txt .=" <html> <body>
<p><b> PO Number:</b>
$purchasenumber</p>
<p><b> Style Code:</b> $styleCode</p>
<p><b> Generic Number:</b> $gennum</p>
<p><b> Vendor Name:</b> $vendname</p>
<p><b> Planned Delivery Date:</b>
$pdelivdate</p> <br/> <br/>
<table border=1 style='width:100%' cellpadding='0'>
<thead>
<tr>
<th width='16.7%'>Material Number</th>
<th width='16.7%'>Color</th>
<th width='16.7%'>Size</th>
<th width='16.7%'>Ordered QTY</th>
<th width='16.7%'>Total Cost</th>
<th width='16.7%'>Total SRP</th>
</tr>
</thead>
<tbody>
";
$statement = $db->prepare("SELECT * FROM purchaseorderproductitem where purchaseorderID = :pid");
$statement->execute(array(':pid' => $purchasenumber));
foreach ($statement->fetchAll() as $row)
{ $matnum = $row['materialnumber']; $color = $row['color']; $size = $row['size']; $qty = $row['quantity']; $units = $row['units']; $curcost = $qty * $cost; $cursrp = $qty * $srp; $curcost = number_format($curcost, 2, '.', ''); $cursrp = number_format($cursrp, 2, '.', '');
$txt .="
<tr> <td width='16.7%'>$matnum</td> <td width='16.7%'>$color</td> <td width='16.7%'>$size</td> <td width='16.7%'>$qty $units</td> <td width='16.7%'>$curcost</td> <td width='16.7%'>$cursrp</td> </tr>
";
}
$txt .="
<tr> <td width='16.7%' text-align:'center'>Total</td> <td width='16.7%'> </td> <td width='16.7%'> </td> <td width='16.7%'>$totalqty pcs</td> <td width='16.7%'>$totalcost</td> <td width='16.7%'>$totalsrp </td> </tr>
</body> </table> </html>
";
// Always set content-type when sending HTML email $message = "MIME-Version: 1.0" . "\r\n"; // $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n"; $message .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$fileatt_name2 = "PurchaseOrder.pdf";
$semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
// Add the headers for a file attachment $headers .= "\nMIME-Version:
1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\""; $data2 = chunk_split(base64_encode($txt));
$message = "{$mime_boundary}\n" . "Content-Type: text/plain; charset=iso-8859-1; format=flowed\n" . "Content-Transfer-Encoding: 7bit\n\n" .
$message .= "{$mime_boundary}\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" .
// Add file attachment to the message $message .= "--{$mime_boundary}\n" . "Content-Type: application/octet-stream;\n" . // {$fileatt_type} " name=\"{$fileatt_name2}\"\n" . "Content-Disposition: attachment;\n" . " filename=\"{$fileatt_name2}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data2 . "\n\n" . "--{$mime_boundary}--\n";
// Send the message $send = mail($to, $subject, $message, $headers);
Can you please help me to solve this issue? Thanks in advance!
You can use a combination of PHPMailer:
http://phpmailer.worxware.com/
And TCPDF:
http://www.tcpdf.org/
To accomplish this task. I will not cover the processes in detail as code examples would be quite tedious to create however both pieces of software have detailed documentation and examples found here:
https://github.com/Synchro/PHPMailer
And here:
http://www.tcpdf.org/docs.php
Edit:
If you do not want to to use something that just works like PHPMailer then I would ensure that the correct headers are being sent.
One useful trick i have found here too is that if you open said corrupted file in a text editor, you most usually find useful information at the very beginning relating to any errors that may have occurred while processing the output.
Edit:
Just guessing here but your last few lines of code I believe should read as follows:
// Add the headers for a file attachment
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . "boundary=\"{$mime_boundary}\""; $data2 = chunk_split(base64_encode($txt));
$headers .= "{$mime_boundary}\n"."Content-Type: text/plain; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n";
// Add file attachment to the message
$headers .= "--{$mime_boundary}\n" . "Content-Type: application/octet-stream;\n" . {$fileatt_type} " name=\"{$fileatt_name2}\"\n" . "Content-Disposition: attachment;\n" . " filename=\"{$fileatt_name2}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data2 . "\n\n" . "--{$mime_boundary}--\n";
// Send the message
$send = mail($to, $subject, $message, $headers);
You had concatenated the end of one of the statements instead of ending it with a semicolon ;
You were adding the headers to the $message variable, they should rather be in the $headers variable correct?
You had added one of the headers twice.
What am I doing wrong here. When a user submits the form, it shows up in my inbox with their name as their email address and I would like it to be the name that they input in the form. here is my code.
<?php
//error_reporting(0);
//include("connection.php");
$n=$_POST['name'];
$e=$_POST['email'];
$p=$_POST['phone'];
$t1=$_POST['tot_eth'] ;
$t2=$_POST['tot_tax'];
$t3=$_POST['tot_acct'];
$t4=$_POST['tot_tot'];
$i=1;
while($i<13)
{
${'date' . $i} = $_POST["date$i"] ;
${'seminar'.$i}=$_POST["seminar$i"] ;
${'sponser'.$i}=$_POST["sponser$i"] ;
${'ethics'.$i}=$_POST["ethics$i"] ;
${'tax'.$i}=$_POST["tax$i"] ;
${'acct'.$i}=$_POST["acct$i"] ;
${'t'.$i}=$_POST["total$i"] ;
$i++;
}
//session_start();
$to = "mj#ntatax.com";
$from=$n $e;
$subject = "2015 CPE Verification Form";
// compose headers
$headers = 'From: '. $_POST['name'] . ' <' . $e . '>\r\n' .
'Reply-To:' .$from . "\r\n" .
'X-Mailer: PHP/' . phpversion();
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// compose message
$message ='<html>
<body>
<p>
From Name : '.$n.'<br>
From Email : '.$e.'<br>
Phone Number : '.$p.'<br><br>
</p>
<table cellpadding="5"> <tr>
<td>Date </td>
<td>Seminar Attended and Location </td>
<td>Sponsor </td>
<td>Ethics Hours </td>
<td>Tax Hours </td>
<td>Acct Hours</td>
<td>Total Hours</td>
</tr>
';
for ($i=1;$i<=13;$i++){
$message .='<tr>
<td>'.${'date' . $i}.'</td>
<td>'.${'seminar'.$i}.'</td>
<td>'.${'sponser'.$i}.'</td>
<td>'.${'ethics'.$i}.'</td>
<td>'.${'tax'.$i}.'</td>
<td>'.${'acct'.$i}.'</td>
<td>'.${'t'.$i}.'</td>
</tr>';
}
$message .=' <tr></tr>
<tr>
<td colspan=2>
<td><p style="text-align: right">Total</p></td>
<td>'.$_POST['tot_eth'].'</td>
<td>'.$_POST['tot_tax'].'</td>
<td >'.$_POST['tot_acct'].'</td>
<td >'.$_POST['tot_tot'].'</td> </td>
</tr> </table>
</body>
</html>';
$message = wordwrap($message, 270);
// send email
mail($to,$subject, $message, $headers,"'".'-f '.$from."'");
// mail($to,$subject, $message, $headers,"'".'-f '.$from."'");
session_start();
//$_SESSION['send1']="Thanks For Contacting Us,Your Query Will Be Replied At the Earliest.";
header("location:http://www.waainc.org");
?>
I'm trying to make a conditional statement to stop an email alert when the fail.php is called. Right now I'm getting an email alert for both good and fail results.
I do not want to receive an email if the the result failed. Should I make two scripts or is there a way t make this work together?
Thanks
Here is the section I'm referring to along with the whole script.
if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
<?
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\"$>$connect_date</td>
</tr>
<tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
mail($to, $subject, $msg, $headers);
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
$order = "INSERT INTO reg_add (submit_date,
connect_date,
reg,
first_name,
)
VALUES
('$submit_date',
'$_POST[connect_date]',
'{$_POST[reg]}nv',
'$_POST[first_name]')";
$result = mysql_query($order);
if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
?>
Remove the first instance of mail($to, $subject, $msg, $headers);.
Then, for good measure, check the number of rows affected, rather than true/false (although both should work).
if (mysql_affected_rows($result) > 0) {
}
If you check your code
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: Homeless' . "\r\n";
mail($to, $subject, $msg, $headers);
date_default_timezone_set('America/Los_Angeles');
This code is already sending the mail regard less of the result.
You just need to remove this line from top code
mail($to, $subject, $msg, $headers);
and your code will work fine.
Final code, kindly test ite
<?
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\"$>$connect_date</td>
</tr>
<tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
$order = "INSERT INTO reg_add (submit_date,
connect_date,
reg,
first_name,
)
VALUES
('$submit_date',
'$_POST[connect_date]',
'{$_POST[reg]}nv',
'$_POST[first_name]')";
$result = mysql_query($order);
if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);
$reg = $_REQUEST['reg'] ;
$first_name = $_REQUEST['first_name'];
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name));
}
else {
header("location: reg_add_fail.php");
exit(); // as sugested by John Conde
}
?>
I currently see some sql injections plus invalid query first_name, extra , at the end, constants used in posts array keys, a mix of request and post, large html block of code and no checks on validity of the values passed.
If you check for valid values then you can determine if the script should continue to the mail and update the database parts:
Heres a clean up of your code hope it helps:
<?php
$to = 'newreg#41q.org';
$subject = 'New Homeless Connection';
if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['first_name']) && strlen($_POST['first_name'])>1){
$first_name=$_POST['first_name'];
}
if(isset($_POST['reg']) && strlen($_POST['reg'])>1){
$reg=$_POST['reg'];
}
if(isset($_POST['connect_date']) && strlen($_POST['connect_date'])>1){
$connect_date=$_POST['connect_date'];
}
if(!isset($first_name) || !isset($reg) || !isset($connect_date)){
header("location: reg_add_fail.php");
exit();
}
}else{
//the page the post from
header("location: reg_form.php");
exit();
}
$msg=<<<EMAIL
<html>
<head>
<title>New Homeless Connection</title>
</head>
<body>
<table cellspacing="0" cellpadding="10" border="1" align="left">
<tr>
<td align="left" width="150px">Registery No.:</td>
<td align="left">$reg</td>
</tr>
<tr>
<td align="left">First Name:</td>
<td align="left">$first_name </td>
</tr>
<tr>
<td align="left">Connection Date:</td>
<td align="left">$connect_date</td>
</tr>
<tr>
<td align="left" colspan="2">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
EMAIL;
// Make sure to escape quotes
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";
mail($to, $subject, $msg, $headers);
date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;
$order = "INSERT INTO reg_add (submit_date,connect_date, reg, first_name)
VALUES ('{$submit_date}',".mysql_real_escape_string($connect_date)."','".mysql_real_escape_string($reg)."nv','".mysql_real_escape_string($first_name)."')";
$result = mysql_query($order);
header("Location: ./reg_add_success.php?reg=".urlencode($reg)."&first_name=".urlencode($first_name));
die;
?>