Forum Moderators: coopster
I have a little guestbook on my website. When a user makes a new entry i am informed via php sendmail.
The problem is that the page seems to autosend me a notice although there a no new entries. one per day ca. I have tried to alter the code i a bit but it doesnt work. I am new to php. Heres a code chunk. Thanx.
<?
/* recipients */
$to = "x <x@x.dk>";
/* subject */
$subject = "x";
/* message */
$message = '
<html>
<head>
<title></title>
</head>
<body>
x
</body>
</html>
';
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\nContent-Transfer-Encoding: 8bit";
mail($to, $subject, $message, $headers);
?>
<?
if ($action && ($navn=="" or $spg=="")) { echo"<font color=\"#FF0000\">x</font><br><a href=\"javascript:history.go(-1);\">back.</a>"; }
elseif ($action=="skriv") { echo"sending confirmed.<br><a href=\"spoerg.php\">Tilbage</a>";
$navn = safeHTML($navn);
$email = safeHTML($email);
$bynavn = safeHTML($bynavn);
$land = safeHTML($land);
$spg= safeHTML($spg);
$sql = "insert into questions (navn,email,bynavn,land,spg) values ('$navn','$email','$bynavn','$land','$spg')";
mysql_query($sql); } else {
?>
<form method="post" name="mailform" action="<?=$PHP_SELF?>"
<input type="hidden" name="action" value="skriv">
<input type="hidden" name="recipient" value="x@x.dk">
1. You send an email when the page is loaded, but only write an entry into the DB based on the result of the if statement. So if the first part of the if statement is true, the databse entry is not written.
2. The if statement seems a bit malformed to me... The third leg seems to go: else { <something needed here}>
Shawn
1. You send an email when the page is loaded, but only write an entry into the DB based on the result of the if statement. So if the first part of the if statement is true, the databse entry is not written.
Thats true! it does send a mail when the page is loaded. How can i make it so that the mail is only send when the submit button is activated. i have JS in place so they cant send an empty message.
I think i have solved it. i moved the mail command like this
elseif ($action=="skriv") { echo"Dit indlæg er skrevet i gæstebogen"; mail($to, $subject, $message, $headers);
The mail is not send onload, only when the sumbit is activated. Thanks for pointing me in the right direction.
Regards
Hafnius
[edited by: hafnius at 2:01 pm (utc) on April 25, 2003]
<form method="post" name="mailform" action="<?=$PHP_SELF?>" >
<input ..... />
<input type="hidden" name="action" value="skriv" />
<input type="hidden" name="recipient" value="x@x.dk" />
<input type="submit" name="submit" value="SUBMIT" />
</form>
} else {
mail($to,$subject,$message);
}
Screen the user input server side. Add your sendmail to the end of the routine that loads the database. i.e. -
1. if($_POST...screen input)
2. $q = "build sql query..."
3. store data
4. send conformation email
5. return
I have been known to write a script out in comments (like above) and then go back and fill in the code necessary to make the comments work. It can help with clarifying program flow and logic (plus you end up with nicely commented code when finished:))
WBF
Well done on getting it going.
A few comments:
1. I agree with willybfriendly that you should send the confirmation after the database is written. I'd go further than that, and say that you should test the database write was successful. Something like:
if (mysql_query($sql) was successful)
then
present thank you page and send email
else
present page which says "sorry, I'm having trouble writing to the database, please try again later"
2. Don't rely on Javascript for form validation. Visitors can circumvent it, either maliciously or unknowlingly. Use it to make the form easier to fill out and more responsive, but check using your php code before writing to the database as well. See RussellC's code snippet.
Shawn
Screen the user input server side. Add your sendmail to the end of the routine that loads the database. i.e. -
i see the logic in doing the screening server-side i will try to take it up.
you should send the confirmation after the database is written. I'd go further than that, and say that you should test the database write was successful.
I will try to move the mail-command till after the DB write. It is very helpful advice for me to outline the stages in the code and on that basis look at the code.
Thanx all for the responses - This is really a great forum!
Regards
Hafnius
