I am making an email script in php. What happens is a mysql query is made, and the output of this is stored in the following strings :
$personal1 = $userinfo->salutation;
$personal2 = $userinfo->surname;
$business = $userinfo->businessname;
Next I have an if statement, this checks to see if the surname is blank, if it is, it then substitutes the salutation + surname with the business name. The problem I am having is that the emails keep being sent out with Dear, Business Name , even if the surname field is not blank, I am not sure what I am doing wrong with the following code for it to do this though ?.
if ($personal2=="") {
$name = $business; }
else {
$name = $personal1 . ' ' . $personal2;};
EDIT >>>>>>>>>>
If I echo out the contents of the strings I get :
personal1 = Mr
personal2 = Johnson
business = Hat Trick Media
Edit 2 >>>>>>>
This is some of the code, it is then passed onto the mailer.
<?php
$cf_uid = $_GET['token'];
$query = mysql_query("SELECT * FROM hqfjt_chronoforms_data_addupdatelead WHERE cf_uid = '$cf_uid'") or die(mysql_error());
$userinfo = mysql_fetch_object($query);
$personal2 = $userinfo->surname;
$personal1 = $userinfo->salutation;
$business = $userinfo->businessname;
?>
<?php
$result = mysql_query("SELECT * FROM hqfjt_chronoforms_data_addemailtemplate");
while ($row = mysql_fetch_object($result)) {
echo '<tr class="table-row">';
echo '<th class="template-name">';
echo '<div class="namerow">';
$id = $row->cf_uid;
$form_id = $row->form_id;
$query = mysql_query("SELECT `$form_id` FROM email_history WHERE cf_id = '$user_id'") or die(mysql_error());
$datesent = mysql_fetch_object($query);
$date = $datesent->$form_id;
if ($personal2=="") {
$name = $business; }
else {
$name = $personal1 . ' ' . $personal2;};
Is your code a valid statement? Your code structure is awful. Instead of...
if ($personal2=="") {
$name = $business; }
else {
$name = $personal1 . ' ' . $personal2;};
Use
if ($personal2=="") {
$name = $business;
}
else {
$name = $personal1 . ' ' . $personal2;
}
You seem to have an extra ; that you dont need.
You also dont seem to close the while loop in the code you posted...
Ok, I have found out what the problem was, $name was coming in the session from the previous page and overwriting $name on this page, I have now set it to destroy the session before it loads this page and it seems to have sorted it now, thanks for everyone's help :-)
Related
I just started learning php, i have a long way to go but i really need help with this.
So I have a page where a logged in user can create tasks and that user can select the user for who the task is. I need to do an insert query where i'll need the ID of the person selected by the user who is logged in.
This is the code that's above my HTML:
$userId = $_SESSION['id'];
$Users = "SELECT * FROM users";
$Result2 = $db->query($Users);
if(isset($_POST['submit'])){
$project = $_POST['Project'];
$task = $_POST['task'];
$user = $_POST['User'];
$date = $_POST['date'];
$query = "INSERT INTO events (projectId, userId, name, date)
VALUES ('','', '$task', '$date')";
$result = $database->query($query);
echo "it worked";
}
This is the code in my HTML select tag, where the logged in user can select the person.
<?php
while ($row2 = mysqli_fetch_assoc($Result2)) {
$uid = $row2['id'];
$name = $row2['name'];
$lastName = $row2['lastname'];
echo "<option>" . $name . " " . $lastName . " " . $uid . "</option>";
}
?>
The problem is that I need to put the $uid variable, that's currently in the whileloop in my HTML select element, IN the first if statement above my HTML. I have tried everything but i cant seem to figure out how. It perfectly shows all of the users and their ID numbers, I just need to grab them and put them in my if statement.
Your <option>tags are surely in a <select> tag. You have to give a name to your select, and that name will be the POST parameter name you can use in your PHP server-side code.
Also, you have to assign a value attribute to each option.
Your HTML print procedure become
<?php
echo '<select name="uid">';
while ($row2 = mysqli_fetch_assoc($Result2)) {
$uid = $row2['id'];
$name = $row2['name'];
$lastName = $row2['lastname'];
echo "<option value='".$uid."'>" . $name . " " . $lastName . " " . $uid . "</option>";
}
echo '</select>';
?>
and you PHP server-side code become
$userId = $_SESSION['id'];
$Users = "SELECT * FROM users";
$Result2 = $db->query($Users);
if(isset($_POST['submit'])){
$project = $_POST['Project'];
$task = $_POST['task'];
$user = $_POST['User'];
$date = $_POST['date'];
$uid = $_POST["uid"];
$query = "INSERT INTO events (projectId, userId, name, date) VALUES ('','', '$task', '$date')";
$result = $database->query($query);
echo "it worked";
}
If you're learning PHP, I advise to start correctly. Never access your superglobal parameters $_GET and $_POST directly without sanitize your inputs. Use some functions like filter_input()
First off, I am aware I am open to SQL injection, this is just a prototype. But it still should be working.
For the life of me I can't figure out why I can't pull an item out of my array. What could I possibly be doing wrong? I've been fiddling with this seemingly simple query for way too long and I can't seem to get it to pull out data. I feel like it is something so simple....
$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
I am getting no result for $ID ....
Here is my entire code:
<html>
<head>
<?php
$email = $_GET["email"];
$servername="localhost";
$username="*****";
$password="*****";
$database="*****";
$conn= mysql_connect($servername,$username,$password)or die(mysql_error());
mysql_select_db("$database",$conn);
$query = 'SELECT email FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
//Checks if the email address exists in the system already
if (mysql_num_rows($result) ) {
die("Duplicate email found!");
}
else {
//use current date/time combination times the number 11 times the ID to get a unique confirmation number.
$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];
echo $row;
$date = date("mydhis");
$date2 = $date * 11 * $ID;
echo $ID . " <-> " . $date . " <-> <p>" . $date2;
$sql="insert into users (first,last,displayname,email,password,verification_email)values('$_GET[first]','$_GET[last]','$_GET[display]','$_GET[email]','$_GET[password]','$date2')";
$result=mysql_query($sql,$conn) or $string = mysql_error();
$confirmlink = "http://www.somewebsite.com/android/confirm.php?" . $date2;
$to = $_GET['email'];
$subject = "Thank you for Registering!";
$message = "Hello " . $_GET['display'] . " and thank you for registering with the Smeet app! To confirm your email address (and let us know you aren't a bot), please click the following link: " . $confirmlink;
$from = "noreply#smeet.com";
$headers = "From:" . $from;
mail($to,$subject,$message,$headers) or die('You have successfully registered however mail servers are currently down, you may or may not receive a confirmation email');
print "<h1>You have registered successfully</h1>";
print "You will receive an email shortly with instructions on how to confirm your email address.</a>";
}
?>
</body>
</html>
Thanks for any help at resolving this.
It was a simple answer and I figured it out!
My $ID was being pulled before the record was created, that's why it was blank! Dumb mistake on my part.
I have a database which looks like so -
I am trying to fetch the top 10 entries based on time (entries with top 10 values in time column). I have the following code.
<?php
include_once("connect.php");
$sql = "SELECT * FROM scores order by time desc limit 10";
$query = mysql_query($sql) or die("systemResult=Error");
$counter = mysql_num_rows($query);
if($counter>0)
{
print("systemResult=Success");
$array = mysql_fetch_array($query);
foreach($array as $data)
{
$athleteName = $data["athleteName"];
$email = $data["email"];
$time = $data["time"];
$timeStamp = $data["timeStamp"];
$country = $data["country"];
print "&athleteName=" . $athleteName;
print "&email=" . $email;
print "&time=".$time;
print "&timeStamp=".$timeStamp;
print "&country=".$country;
}
}
else
{
print("systemResult=Error");
}
?>
The output I am getting is
systemResult=Success&athleteName=7&email=7&time=7&timeStamp=7&country=7&athleteName=7&email=7&time=7&timeStamp=7&country=7&athleteName=4&email=4&time=4&timeStamp=4&country=4&athleteName=4&email=4&time=4&timeStamp=4&country=4&athleteName=G&email=G&time=G&timeStamp=G&country=G&athleteName=G&email=G&time=G&timeStamp=G&country=G&athleteName=n&email=n&time=n&timeStamp=n&country=n&athleteName=n&email=n&time=n&timeStamp=n&country=n&athleteName=2&email=2&time=2&timeStamp=2&country=2&athleteName=2&email=2&time=2&timeStamp=2&country=2&athleteName=I&email=I&time=I&timeStamp=I&country=I&athleteName=I&email=I&time=I&timeStamp=I&country=I
As can be seen, the output I am getting is not what is on the table in database. I am getting wierd values. What am I doing wrong?
You don't need to use for each in your case, and if so, just print $data, try to remove foreach loop, and if you want to get all records, then, use while:
while($data = mysql_fetch_array($query))
{
$athleteName = $data["athleteName"];
$email = $data["email"];
$time = $data["time"];
$timeStamp = $data["timeStamp"];
$country = $data["country"];
print "&athleteName=" . $athleteName;
print "&email=" . $email;
print "&time=".$time;
print "&timeStamp=".$timeStamp;
print "&country=".$country;
}
try
while($data = mysql_fetch_array($query)) {
$athleteName = $data["athleteName"];
//...
I have a while loop printing multiple checkboxes..I changed them to checkboxes instead of radio buttons.. now all I want to do is pass the names of all those checkboxes to my vote.php file. If I give my checkbox in my loop a simple name and carry that over to my vote.php which handles all my POST data, it only carries over my last selection.. I want all of my selections. I cleaned my code up for you guys a little bit.
Tell me where I am going wrong here.. here is my initial code printing the buttons..
while($row_nominee=mysql_fetch_array($result_nominee)){
$id = $row_nominee[0];
//print "$level";
$prefix = $row_nominee[1];
$fname = $row_nominee[2];
$lname = $row_nominee[3];
$suffix = $row_nominee[4];
$city = $row_nominee[5];
$state = $row_nominee[6];
$zip = $row_nominee[7];
$bio = $row_nominee[8];
$level = $row_nominee[10];
$name = $prefix . " " . $fname . " " . $lname;
$address = $city . " " . $state . " " . $zip;
//print "$voted";
print "<tr>";
print "<td width=\"4\" valign=\"top\"><input type=\"checkbox\" name=\"candidateOne\" id=\"candidate\" value=$id></td>";
print "<td valign=\"top\"><FONT face=Tahoma,Arial,Helv size=-1><b>Name:</b> <font color=\"#ff0000\">$name</font><br><b>Hometown:</b> $address<br><b>Bio:<br /></b> $bio</font></td>";
print "</tr>";
}
?>
//now here is my vote.php file which handles the checkboxes.
//get the contents from the vote ballot Form
$voter_id = safeEscapeString(qsrequest(voter));
$candidate_id = safeEscapeString(qsrequest(candidateOne));
//print "$voter_id and $candidate_id";
include '../../sql/usagym_connection.php';
if(qsrequest(correct))
{
$voter_id1= safeEscapeString(qsrequest(voter1));
$candidate_id1= safeEscapeString(qsrequest(candidate1));
$votes1= safeEscapeString(qsrequest(votes1));
$votes1 += 1;
$sql_voter = "update stateChair_voters set voted='Y' where (usagnum='$voter_id1')";
//print "$sql_voter<br>";
$result_voter = mysql_query($sql_voter, $link) or die("Invalid query2");
$update_candidate = "update stateChair_nominees set votes=$votes1 where (id=$candidate_id1)";
//print "$update_candidate<br>";
$result_update = mysql_query($update_candidate, $link) or die("Invalid query3");
//print "Total votes is $votes1.";
header( "Location: vote_thanks.html");
exit;
}
else
{
//connect the database
$sql_candidate = "select id, prefix, fname, lname, suffix, city, state, zip, bio, votes from stateChair_nominees where id=$candidate_id";
$result_candidate = mysql_query($sql_candidate, $link) or die("Invalid query1". mysql_error());
while($row_candidate=mysql_fetch_array($result_candidate)){
$id = $row_candidate[0];
$prefix = $row_candidate[1];
$fname = $row_candidate[2];
$lname = $row_candidate[3];
$suffix = $row_candidate[4];
$city = $row_candidate[5];
$state = $row_candidate[6];
$zip = $row_candidate[7];
$bio = $row_candidate[8];
$votes = $row_candidate[9];
$name = $prefix . " " . $fname . " " . $lname;
$address = $city . " " . $state . " " . $zip;
}
?>
All I really want to do is submit multiple people to a vote and not just one person. Thoughts? Thanks guys!
Here is my code for my checkboxes..
print "<td width=\"4\" valign=\"top\"><input type=\"checkbox\" name=\"candidateOne\" id=\"candidate\" value=$id></td>";
Now here is the code that handles these checkboxes.. I didn't write this code and I am having to debug it, so any help is appreciated.
$candidate_id = safeEscapeString(qsrequest(candidateOne));
This code right now handles a string, not a variable. What's the process in having a variable represent multiple checkboxes on the other file while recording them on here?
print "<td width=\"4\" valign=\"top\"><input type=\"radio\" name=\"candidateOne\" id=\"candidate\" value=$id></td>";
You must change the 'name' as you have changed the 'value' in the loop by a variable.
I am setting up a webpage for a student organization with bios for the officers along with pictures and whatnot.
the first page simply is html and css. it has a picture, name under it and a link to the full bio where it links to "bio.php?id=" and then the id in my SQL database for that person.
now i am trying to make the php page to allow a simple template php page using the user's id. unfortunately when i do everything that I think is right, I get an odd error.
here is my code
<html>
<body>
<?php
//connection to database
//specify database
$id= $GET['id'];
$sql = " SELECT * FROM Members_table WHERE Id='$id' ";
$result = mysql_query($sql) or print ("Can't select entry from table bloghomepage.<br />" . $sql . "<br />" . mysql_error());
WHILE($row = mysql_fetch_array($result)) {
$name = $row['Name'];
$position = $row['Position'];
$major = $row['Major'];
$hometown = $row['Hometown'];
$awards = $row['Awards'];
$bio = $row['Description'];
$act = $row['Activities'];
$pic = $row['Picture'];
$misc = $row['other'];
?>
<h1><?php print $name; ?></h1>
<p><?php print '<img src="' . $pic . '"'; ?>
<?php } ?>
</body>
</html>
This is what i see on my webpage:
" . $sql . "
" . mysql_error()); WHILE($row = mysql_fetch_array($result)) { $name = $row['Name']; $page_id= $id; $position = $row['Position']; $major = $row['Major']; $hometown = $row['Hometown']; $awards = $row['Awards']; $bio = $row['Description']; $act = $row['Activities']; $pic = $row['Picture']; $misc = $row['other']; ?>
and thats all. any ideas what i am doing wrong?
you just don't have PHP enabled on your host.
Hint: always see page source, not picture rendered by browser. It's HTML code being result of your PHP script, so, you have to check HTML code, not a picture rendered from it.
The PHP isn't being parsed, presumably because the necessary module/content handler isn't set up within your web server.
It's not directly related to the topic but you might want to cast the value of the GET parameter as an integer before reusing it in a query to prevent basic SQL injection
$id = intval( $_GET['id'] );