Update database then email form

Question

patk570 42 Newbie Poster

11 Years Ago

I have a form that i am getting info from and then I want to update certain fields in the database only not all the fields it then sends out an email to the person that filled out the form with a randomly generated ticket number that they can then track the progress on.

Problem 1) Will not update the database with the critera that I want.

Problem 2) Will not send out email in HTML form even with the headers set.

  <?php
if ($_POST['submit']) //if the Submit button pressed
  {

                       include 'conf.php';

                    $name = mysql_real_escape_string($_POST['name']);
                    $email = mysql_real_escape_string($_POST['email']);
                    $ticket = mysql_real_escape_string($_POST['ticketnumber']);
                    $phone = mysql_real_escape_string($_POST['phone']);
                    $findus = mysql_real_escape_string($_POST['referredby']);
                    $pass = mysql_real_escape_string($_POST['password']);

                       $sql="INSERT INTO computerdb (name, email, ticket, phone, computerpass, findus )
                       VALUES ('$name','$email','$ticket','$phone','$pass','$findus')";
                       if (!$sql)
                        {
                             die('Error: ' . mysql_error($con));
                        }else{

            //if data is inserted successfully, send email
                       $to = $_POST['email'];
                       $url = "http://www.patrickspcrepair.com/portal/ticket-status.php?ticket_no=";
                       $ticket = $_POST['ticketnumber'];

                       $header = 'MIME-Version: 1.0' . "\r\n";
                        $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
                        $header .= "From: Patrick's Computer Repair Inc. <tickets@patrickspcrepair.com>" . "\r\n";
                       $subject = "Ticket Number ".$_POST['ticketnumber'];
                       $body .= "<html><body>"."\n";
                    $body .= "Hello ".$_POST['name'].",<br>
                        <br>";
                    $body .= "Thank you for stopping by today.<br><br>"."\n";
                    $body .= "The information below is used to check on the status of your computer.<br>"."\n";
                    $body .= "Check Computer Status: <a href=\"".$url.$ticket."\">".$ticket."</a><br><br>"."\n";
                    $body .= "Be sure to like us on <a href=\"http://www.facebook.com/cspcrepair\"><img                                                                                                               src=\"http://www.patrickspcrepair.com/ticketgen/images/facebook.png\" width=\"30\" height=\"30\"></a> and <a href=\"http://www.twitter.com/patricksPCR\"><img src=\"http://www.patrickspcrepair.com/ticketgen/images/twitter.png\" width=\"50\" height=\"30\"></a>!". "\n";
                    $body .= "<br><br><br>Sincerly, <br><br><img style=\"border:none; text-decoration:none;\" src=\"http://www.patrickspcrepair.com/ticketgen/images/signature.png\" alt=\"Patrick Kershner\" />"."\n";
                    $body .= "</html></body>"."\n";
                       $sent = mail($to, $subject, $body, $headers);
                       if($sent)
                               {print "Email successfully sent";}
                       else
                               {print "There was an error sending the mail";}

                       mysql_close($con);
                        }
        }
?>

Any ideas?

Thanks

php

2 Contributors
3 Replies
218 Views
1 Hour Discussion Span
Latest Post 11 Years Ago Latest Post by Atli

Atli 182 Posting Pro

11 Years Ago

Problem 1: You aren't actually executing the SQL query. You just define the SQL query string as $sql but then do nothing with it. You need use the mysql_query function to execute it. (Although you should not be using the old MySQL API these days. Look into PDO or MySQLi instead.)

Problem 2: I'm not sure what exactly the problem is there, but when using the mail() function, you have to account for a lot of the excentricities involved in sending a complex email. I would suggest using a more advanced mailer library, like PHPMailer or Swift Mailer instead.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

patk570 42 Newbie Poster · Answer 1 · 2013-09-16T23:46:43+00:00

I figured it out, have a look at this:

<?php
if ($_POST['submit']) //if the Submit button pressed
  {
                      include 'conf.php';


                       $sql = "INSERT INTO computerdb (name, email, ticket, phone, computerpass, findus, status, notes )
                       VALUES ('".$_POST['name']."','".$_POST['email']."','".$_POST['ticketnumber']."','".$_POST['phone']."','".$_POST['password']."','".$_POST['referredby']."', 'Pending', '".date('m/d/Y H:i:s'). ": Work has started on your computer')";
                       if (!mysqli_query($con,$sql))
                        {
                             die('Error: ' . mysqli_error($con));
                        }else{

            //if data is inserted successfully, send email
                       $to = $_POST['email'];
                       $url = "http://patrickspcrepair.com/newportal/do_search.php?query=";
                       $ticket = $_POST['ticketnumber'];

                       $header = 'MIME-Version: 1.0' . "\r\n";
                        $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
                        $header .= "From: Patrick's Computer Repair Inc. <tickets@patrickspcrepair.com>" . "\r\n";
                       $subject = "Ticket Number ".$_POST['ticketnumber'];
                       $body .= "<html><body>"."\n";
                    $body .= "Hello ".$_POST['name'].",<br>
                        <br>";
                    $body .= "Thank you for stopping by today.<br><br>"."\n";
                    $body .= "The information below is used to check on the status of your computer.<br>"."\n";
                    $body .= "Check Computer Status: <a href=\"".$url.$ticket."\">".$ticket."</a><br><br>"."\n";
                    $body .= "Be sure to like us on <a href=\"http://www.facebook.com/cspcrepair\"><img                                                                                                               src=\"http://www.patrickspcrepair.com/ticketgen/images/facebook.png\" width=\"30\" height=\"30\"></a> and <a href=\"http://www.twitter.com/patricksPCR\"><img src=\"http://www.patrickspcrepair.com/ticketgen/images/twitter.png\" width=\"50\" height=\"30\"></a>!". "\n";
                    $body .= "<br><br><br>Sincerly, <br><br><img style=\"border:none; text-decoration:none;\" src=\"http://www.patrickspcrepair.com/ticketgen/images/signature.png\" alt=\"Patrick Kershner\" />"."\n";
                    $body .= "</html></body>"."\n";
                       $sent = mail($to, $subject, $body, $header);
                       if($sent)
                               header('Location: http://www.patrickspcrepair.com/ticketgen/index.php?success=1&redir=1');
                       else
                               {print "There was an error sending the mail";}

                       mysqli_close($con);
                        }
        }
?>

Atli 182 Posting Pro · Answer 2 · 2013-09-17T00:28:54+00:00

Just a heads up. You are now wide open to SQL Injection attacks. Either escape the user input before putting it into the SQL query, like you did before (just use the MySQLi variant of the escape function), or use the more modern Prepared Statements functionality available in MySQLi.