How to overcome from below error:
Notice: Use of undefined constant temp_members_db - assumed 'temp_members_db'
in /var/www/signup_ac.php on line 10 Cannot send Confirmation link to
your e-mail address
Below is the Code:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
include('config.php');
// table name
$tbl_name=temp_members_db;
// Random confirmation code
$confirm_code=md5(uniqid(rand()));
// values sent from form
$name=$_POST['name'];
$email=$_POST['email'];
$country=$_POST['country'];
// Insert data into database
$sql="INSERT INTO $tbl_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')";
$result=mysql_query($sql);
// if suceesfully inserted data into database, send confirmation link to email
if($result){
// ---------------- SEND MAIL FORM ----------------
// send e-mail to ...
$to=$email;
// Your subject
$subject="Your confirmation link here";
// From
$header="from: your name <your email>";
// Your message
$message="Your Comfirmation link \r\n";
$message.="Click on this link to activate your account \r\n";
//$message.="http://www.yourweb.com/confirmation.php?passkey=$confirm_code";
$message.="http://localhost/confirmation.php?passkey=$confirm_code";
// send email
$sentmail = mail($to,$subject,$message,$header);
}
// if not found
else {
echo "Not found your email in our database";
}
// if your email succesfully sent
if($sentmail){
echo "Your Confirmation link Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send Confirmation link to your e-mail address";
}
?>
Either you forgot a $ or you forgot some quotes.
You are probably using temp_members_db as an array key but didn’t quote the string properly:
$arr[temp_members_db] ⟶ $arr['temp_members_db']
See also Why is $foo[bar] wrong?:
This is wrong, but it works. The reason is that this code has an undefined constant (bar) rather than a string ('bar' - notice the quotes). PHP may in future define constants which, unfortunately for such code, have the same name. It works because PHP automatically converts a bare string (an unquoted string which does not correspond to any known symbol) into a string which contains the bare string. For instance, if there is no defined constant named bar, then PHP will substitute in the string 'bar' and use that.
Is it me, or there is a huge SQL-injection and Mail-injection in this code ?
(And it is not just some fancy words, it means you not fully understand what you are doing...)
And by the way PHP6 is not arrived yet, so function get_magic_quotes_gpc() is still exists, and it is still necessary ...
<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
include('config.php');
// table name
$tbl_name=temp_members_db;
You're either missing quotes:
$tbl_name='temp_members_db';
or the constant definition:
define('temp_members_d', 'whatever');
Related
I've got a page on my website where users can send me a message by giving their email, name, and a message. On the front end (JS) I do some basic verification, make sure the email is formatted like an email, make sure the other boxes aren't blank, and then I send it to PHP by GET.
Now I'm aware people can do some pretty sneaky stuff by injecting malicious code into PHP. What precautions should I be taking? When I was working with MySQL, I would escape it using the mysqli escape function. What should I be doing here?
Here's my script right now:
<?php
if(!isset($_GET["message"]) || !isset($_GET["name"]) || !isset($_GET["email"])){
echo "Check all the fields are correctly filled in and try again!";
die();
}
$email = $_GET["email"];
$message = $_GET["message"];
$name = $_GET["name"];
if($email == ""|| $message == "" || $name == ""){
echo "Check all the fields are correctly filled in and try again!";
die();
}
$message = wordwrap($message, 70);
mail("email#email.com","A Message From " . $name,$message,"From: $email\n");
echo "success";
?>
A very basic way is that you can declare a variable (for example $pattern)and store regular expressions (like patterns used commonly in attacks) in it, then use preg_match($pattern, $valueFromYourForm) method to see if any of the passed values matches any of those expressions and then you can stop the execution.
What im basically trying to do is to confirm the identity of the user by using the mail address then Do certain database operation if the identity is verified.
I want to generate a confirmation code and send to the email address in the form of a URL.
But i do not want to maintain a database for the confirmation codes.How can i do this using encryption.Any Ideas?
it should look like:
<?php
$salt = "this is a secret key!!!";
if(isset($_GET["confirm"]) && isset($_GET["email"])){
$confirm = $_GET["confirm"];
$to_email = $_GET["email"];
if(sha1($salt.$to_email) == $confirm){
// this mail is confirmed, now do some db work
// update_db ... ();
}else{
die("error: mail not confirmed");
}
}elseif(isset($_GET["email"])){
$to_email = $_GET["email"];
$confirm_link = $_SERVER["PHP_SELF"]."?confirm=".urlencode(sha1($salt.$to_email))."&mail=".urlencode($to_email);
$msg = "to confirm ... click the link: \n ".$confirm_link;
mail($to_email,"pls. confirm your mail",$msg);
}else{
die("error message");
}
?>
You could Hash the email address in question with some secret salt and make that the token in the link. Then when you're verifying it, repeat that same process.
Best way of that is having a varchar field in your database named "activation".
So you can keep "confirmation code" there. When user has activated his account you will update it to "1". So if the field is "1"; User has activated his account. Otherwise there will be still confirmation code there and user's account is not activated. So there will be at least one column for activation process.
I have a website created using PHP to store form values in a database, and have a page that displays the values for certain users based on the selections. I am trying to send these values from the database to an email address, but I can not separate the values on each line of the subject. I am using the PHP built in function to email and storing the values in the subject variable.
I have tried add each variable separately by using
$subject . "content";
for each variable but it still is all in one line.
I am now thinking of making a newsletter type, but can't figure out how to make one or make it work how I want. So if anyone could help out on how I can send these values either in this way or in a different language.
Here is the code I have so far.
$query= sql query
$resultt= sql result
$roww=mysql_fetch_assoc($resultt);
extract($roww);
$emmessage = "User Form Information";
$emmessage = $emmessage . " " . "values extracted from the database from $roww
$send = #$_POST['send'];
$subject = strip_tags(#$_POST['subject']);
$reciever= strip_tags(#$_POST['email']);
$message = $emmessage;
// Start email processing
if ($send)
{
// Send the message
mail($reciever, $subject, $message, "From: $email");
$emessage="Your message has been sent";
include("forme.php");
You can used br2nl() function. Or if you are used \n directly as suggested before you should use nl2br() function so that in HTML page you will get a new line instead of a \n.
You can seperate lines in e-mails using \n.
$content = "Value 1 \n Value2";
following is my script for send email inquiry.. the recipient email address was stored in a db called users.. this script will not work properly.. i think the problem is recipient email section.. because when i used a email address instead of $user it will work..
thanx help me
<?php
$refno = $HTTP_POST_VARS['refno'];
$proid = $HTTP_POST_VARS['proid'];
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$msg = $HTTP_POST_VARS['msg'];
//connect db and find email address related to id
include 'db_connector.php';
$id=$HTTP_POST_VARS['id'];
$query=mysql_query("SELECT user_email FROM users WHERE id='".$id."'");
$cont=mysql_fetch_array($query);
$user=$cont['user_email'];
// recipient name
$recipientname = "'".$name."'";
// recipient email
$recipientemail = $user ;
// subject of the email sent to you
$subject = "Inquiry for your advertisement No. (".$refno.")";
// send an autoresponse to the user?
$autoresponse = "no";
// subject of autoresponse
$autosubject = "Thank you for your inquiry!";
// autoresponse message
$automessage = "Thank you for your inquiry.! We'll get back to you shortly.
";
// END OF NECESSARY MODIFICATIONS
$message = "reference number : $refno
$msg
From $name $email
---";
// send mail and print success message
mail($recipientemail,"$subject","$message","From: $recipientname <$email>");
if($autoresponse == "yes") {
$autosubject = stripslashes($autosubject);
$automessage = stripslashes($automessage);
mail($email,"$autosubject","$automessage","From: $recipientname <$recipientemail>");
}
header("Location:index.php");
exit;
?>
First of all, your query is SQL injectable. Never ever pass a variable coming from a POST request directly into an SQL query. Use mysql_real_escape().
As to your bug: it seems that $user does not contain a valid e-mail address. so, the Mysql query is not returning an e-mail address.
Use $_POST rather than $HTTP_POST_VARS.
Switch on error reporting by prepending these two lines to your PHP code:
PHP code:
error_reporting(E_ALL);
ini_set('display_errors','1');
Run your script again. Do you get any notices or warnings?
If not, try to display your query, by adding
die($query);
just before the line that has the mysql_query command, and then run the query manually (e.g. using PhpMyAdmin or MySQL Query Browser) to see if you are actually getting a result that looks like an e-mail address.
Debug your PHP program.
Check out :
If the variables contain the supposed values.
Query is okay and returns result.
Proper header is set with mail function.
etc.
PHP manual have a good example to send mail.
Do not use $HTTP_POST_VARS['name']; it is deprecated use $_POST instead.
hey guys thanx for the help.. i found the error done in my inquiry form.. the id filed hidden outside of the form tag.. therefore the id value will not passed to the sendinq.php. i change it thank now the sendmail option work properly
I want to send an email to multiple recipients using PHP mail() function. The email message is simply a reminder that a membership is due to expire so email addresses will come from MySql database query. There would anywhere from 2-10 at any given time. I found the following code but it generate errors. The problem is not with my query as it generates an accurate recordset. This is the code I have: Hopefully someone can help. By the way, I am very much a novice so need easy straight forward explanation. Thanks in advance:
<?php
$recipients = ("SELECT email FROM tblMembers WHERE search criteria=criteria");
$email_list = $db->query($recipients);
foreach($email_list as $row) {
$to = $row['email'];
$subject = "Membership Renewal";
$headers = "From: Membership Coordinator <membership#myaddress.net>\r\n";
$message = "THIS IS AN AUTOMATED EMAIL. PLEASE DO NOT REPLY""\n""etc, etc, etc";
if ( mail($to,$subject,$headers,$message) ) {
echo "Email was sent successfully";
} else {
echo "Email delivery has failed!";
}
}
?>
As far as I know, then $headers comes after $message, so you should just change the order in mail() and be more aware in future.
Change
$message = "THIS IS AN AUTOMATED EMAIL. PLEASE DO NOT REPLY""\n""etc, etc, etc";
to
$message = "THIS IS AN AUTOMATED EMAIL. PLEASE DO NOT REPLY\netc, etc, etc";
There is the syntax error, because " will end the string. You would need a . to concatenate the next string.
But you could also leave the two " out at this point, becase in a double quoted string, PHP will replace \n by a newline character.