following is my script for send email inquiry.. the recipient email address was stored in a db called users.. this script will not work properly.. i think the problem is recipient email section.. because when i used a email address instead of $user it will work..
thanx help me
<?php
$refno = $HTTP_POST_VARS['refno'];
$proid = $HTTP_POST_VARS['proid'];
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$msg = $HTTP_POST_VARS['msg'];
//connect db and find email address related to id
include 'db_connector.php';
$id=$HTTP_POST_VARS['id'];
$query=mysql_query("SELECT user_email FROM users WHERE id='".$id."'");
$cont=mysql_fetch_array($query);
$user=$cont['user_email'];
// recipient name
$recipientname = "'".$name."'";
// recipient email
$recipientemail = $user ;
// subject of the email sent to you
$subject = "Inquiry for your advertisement No. (".$refno.")";
// send an autoresponse to the user?
$autoresponse = "no";
// subject of autoresponse
$autosubject = "Thank you for your inquiry!";
// autoresponse message
$automessage = "Thank you for your inquiry.! We'll get back to you shortly.
";
// END OF NECESSARY MODIFICATIONS
$message = "reference number : $refno
$msg
From $name $email
---";
// send mail and print success message
mail($recipientemail,"$subject","$message","From: $recipientname <$email>");
if($autoresponse == "yes") {
$autosubject = stripslashes($autosubject);
$automessage = stripslashes($automessage);
mail($email,"$autosubject","$automessage","From: $recipientname <$recipientemail>");
}
header("Location:index.php");
exit;
?>
First of all, your query is SQL injectable. Never ever pass a variable coming from a POST request directly into an SQL query. Use mysql_real_escape().
As to your bug: it seems that $user does not contain a valid e-mail address. so, the Mysql query is not returning an e-mail address.
Use $_POST rather than $HTTP_POST_VARS.
Switch on error reporting by prepending these two lines to your PHP code:
PHP code:
error_reporting(E_ALL);
ini_set('display_errors','1');
Run your script again. Do you get any notices or warnings?
If not, try to display your query, by adding
die($query);
just before the line that has the mysql_query command, and then run the query manually (e.g. using PhpMyAdmin or MySQL Query Browser) to see if you are actually getting a result that looks like an e-mail address.
Debug your PHP program.
Check out :
If the variables contain the supposed values.
Query is okay and returns result.
Proper header is set with mail function.
etc.
PHP manual have a good example to send mail.
Do not use $HTTP_POST_VARS['name']; it is deprecated use $_POST instead.
hey guys thanx for the help.. i found the error done in my inquiry form.. the id filed hidden outside of the form tag.. therefore the id value will not passed to the sendinq.php. i change it thank now the sendmail option work properly
Related
I am New to php . Any help would be greatly appreciated.
My issue is that when user reply to any post with specific id, php sends an email alerting involved users that have previously comment on the post with same id, the problem is if the person has entered 3 reply for that post the user gets 3 emails, Since my database has reply entries from the same user with email for each post multiple times.
This is what is the problem
$to = $row['Email'];
How do I make sure it does not send an email to the user multiple times?
// update data in mysql database
$sql4= "select * from answer WHERE id='$id'";
$result4=mysql_query($sql4);
while($row = mysql_fetch_array($result4))
{
$to = $row[‘email’] ;
// Your subject
$subject="$name Reply on example.com”;
// From
$header="from: Associate <no-reply#example.com>";
// Your message
$message = "$name Reply on example.com\n$comment\nDate and Time=$datetime\nhttps://www.example.com/upload/$img\nfor More Visit https://www.example.com/visit/“;
// send email
$sentmail = mail($to,$subject,$message,$header);
}
Change your query to this: $sql4= "SELECT DISTINCT * FROM answer WHERE id='$id'";
you can add email in array and use array_unique function so your duplicate entry will remove auto.
<?php
$a=array("a"=>"red","b"=>"green","c"=>"red");
print_r(array_unique($a));
?>
I've got email function setup and working by setting the code to email a specific email address. However, with this is that it goes to the same email address everytime the submit button is pressed based on the data entered in a text box who the mail comes from.
However, I want to change it so that when a user enters their username in the username box it checks my database table for that username and checks their email address and emails them all the information set for that user.
The code i'm using is ;
$username = $_POST['username'];
$my_query="SELECT * from loanusers where username = '$username'";
$result= mysqli_query($connection, $my_query);
$to = $myrow["emailaddess"];
$subject = 'CSG - Forgotten Password';
$sender = 'CSGLoanSystem#mail.com';
$password = $myrow["password"];
$admin = 'CSGLoanSystem Admin Team';
$body = <<< EMAIL
Hi {$username}, You have recently requested a notification of your password.
The Password registered with account {$username} is $password.
Thanks - {$admin}
EMAIL;
$header = "From:" . $sender;
if ($result):
mail($to, $subject, $body, $header);
$feedback = 'Email Sent';
endif;
At the moment when the submit button is pressed, the page refreshes but nothing actually happens and no email is received at the expected email address?
Pointing to the right direction:
Read up on MySQL and PDO. Also Read up on prepared statements and parameter binding.
Elaborating on the directions given:
There are many ways to connect to a database, and there are many different databases available. One popular database software is called MySQL, and the coding method that is most recommended to connect to that database is PDO for reasons such as having better methods for preventing security breaches.
You can find a lot of online tutorials on how to connect to a database, so I won't go into that, though I will however give you an example of a query you could use to do your email searching, and also I'll include prepared statements and parameter binding since these two details are often misunderstood by a lot of programmers.
If you have the following table:
users
______________________________
| username | email |
|------------+-----------------|
| john44 | abc#gmail.com |
|------------+-----------------|
| adam11 | 123#gmail.com |
|------------+-----------------|
the following code would allow you to retrieve john44's email:
$username = $_POST['username'];//getting the username written in the form
$sql = "SELECT email FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->execute([$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
//here I'm just outputting the obtained email for you to see
//it works, however you would then use the email saved in
//$result['email'] whichever way you want.
echo "email = {$result['email']}<br>";
Edited:
After you edited your code, I noticed you are not fetching the information you queried. Insert the following code after line $result= mysqli_query($connection, $my_query);:
$myrow = mysqli_fetch_assoc($result);
I have a website created using PHP to store form values in a database, and have a page that displays the values for certain users based on the selections. I am trying to send these values from the database to an email address, but I can not separate the values on each line of the subject. I am using the PHP built in function to email and storing the values in the subject variable.
I have tried add each variable separately by using
$subject . "content";
for each variable but it still is all in one line.
I am now thinking of making a newsletter type, but can't figure out how to make one or make it work how I want. So if anyone could help out on how I can send these values either in this way or in a different language.
Here is the code I have so far.
$query= sql query
$resultt= sql result
$roww=mysql_fetch_assoc($resultt);
extract($roww);
$emmessage = "User Form Information";
$emmessage = $emmessage . " " . "values extracted from the database from $roww
$send = #$_POST['send'];
$subject = strip_tags(#$_POST['subject']);
$reciever= strip_tags(#$_POST['email']);
$message = $emmessage;
// Start email processing
if ($send)
{
// Send the message
mail($reciever, $subject, $message, "From: $email");
$emessage="Your message has been sent";
include("forme.php");
You can used br2nl() function. Or if you are used \n directly as suggested before you should use nl2br() function so that in HTML page you will get a new line instead of a \n.
You can seperate lines in e-mails using \n.
$content = "Value 1 \n Value2";
I'm using this code as part of an email confirmation script. It works great, except I can't figure out a way to distinguish between when somebody has provided an invalid email address vs when they have simply refreshed the page (ie. already confirmed their account). The only think I can think of is putting a time stamp field in the users table that always gets updated, but I'm hoping there is a better way. I thought REPLACE would do the trick, but, while email is unique, it is not the primary key.
if (isset ($email, $token, $correctToken)){
$success = FALSE; //Set the $success variable so that we don't get an error when testing for it later
if ($token == $correctToken) {
$confirm = mysql_query("UPDATE users
SET conf = 'TRUE'
WHERE email = '$email'");
if (mysql_affected_rows() == 1) {
echo "Thank you! Your email address is confirmed and your account is actived.";
$success = TRUE;
}
}
if (!$success) {
echo "There was a problem with the confirmation. Try the link in your email again or contact us at Support#WiseRenters.com";
// Send email to admin to notify of error
exit;
}
}
Thanks in advance for the advice!
Billy
EDIT: The $email and $token variables are provided through $_GET or $_POST, in case that wasn't obvious.
A redirection would stop them from refreshing - but what if they click the link in their email again?
You should check if the current user is activated or not.
$sql = "SELECT id, conf FROM users WHERE email = '{$email}'";
$exec = mysql_query($sql) or die(mysql_error());
list( $id, $conf ) = mysql_fetch_row($exec);
if( $conf ) {
// Redirect them to their profile with a message saying "your account has already been activated"
header("Location: /profile?already_activated");
exit;
}
// your code
$confirm = mysql_query("UPDATE users
SET conf = 'TRUE'
WHERE id = '{$id}'");
In response to your comment:
Keep in mind this will only add an additional query for a user who has not activated yet. If they have activated then the redirect occurs and the page is still running only 1 query.
To optimize this a bit, you can select the user ID and confirmation status based on the email address. Then, if they do need to be activated, you can activate them based on user ID instead of email. Since an integer key is much faster, the combined time of the 2 queries will be about the same as the 1 query where you are updating based on a string column. I updated the code to reflect this.
Also, this page will probably not be accessed very frequently. Any optimizations from here would really be micro- and not really that helpful.
By the way I hope you are using mysql_real_escape_string on the email, and that conf is a boolean true/false not a string 'true'/'false'.
How to overcome from below error:
Notice: Use of undefined constant temp_members_db - assumed 'temp_members_db'
in /var/www/signup_ac.php on line 10 Cannot send Confirmation link to
your e-mail address
Below is the Code:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
include('config.php');
// table name
$tbl_name=temp_members_db;
// Random confirmation code
$confirm_code=md5(uniqid(rand()));
// values sent from form
$name=$_POST['name'];
$email=$_POST['email'];
$country=$_POST['country'];
// Insert data into database
$sql="INSERT INTO $tbl_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";
$result=mysql_query($sql);
// if suceesfully inserted data into database, send confirmation link to email
if($result){
// ---------------- SEND MAIL FORM ----------------
// send e-mail to ...
$to=$email;
// Your subject
$subject="Your confirmation link here";
// From
$header="from: your name <your email>";
// Your message
$message="Your Comfirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
//$message.="http://www.yourweb.com/confirmation.php?passkey=$confirm_code";
$message.="http://localhost/confirmation.php?passkey=$confirm_code";
// send email
$sentmail = mail($to,$subject,$message,$header);
}
// if not found
else {
echo "Not found your email in our database";
}
// if your email succesfully sent
if($sentmail){
echo "Your Confirmation link Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send Confirmation link to your e-mail address";
}
?>
Either you forgot a $ or you forgot some quotes.
You are probably using temp_members_db as an array key but didn’t quote the string properly:
$arr[temp_members_db] ⟶ $arr['temp_members_db']
See also Why is $foo[bar] wrong?:
This is wrong, but it works. The reason is that this code has an undefined constant (bar) rather than a string ('bar' - notice the quotes). PHP may in future define constants which, unfortunately for such code, have the same name. It works because PHP automatically converts a bare string (an unquoted string which does not correspond to any known symbol) into a string which contains the bare string. For instance, if there is no defined constant named bar, then PHP will substitute in the string 'bar' and use that.
Is it me, or there is a huge SQL-injection and Mail-injection in this code ?
(And it is not just some fancy words, it means you not fully understand what you are doing...)
And by the way PHP6 is not arrived yet, so function get_magic_quotes_gpc() is still exists, and it is still necessary ...
<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
include('config.php');
// table name
$tbl_name=temp_members_db;
You're either missing quotes:
$tbl_name='temp_members_db';
or the constant definition:
define('temp_members_d', 'whatever');