1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:19 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

issue with insert sql and mail()

         

bysonary

3:35 am on Feb 24, 2007 (gmt 0)

10+ Year Member



hello, I hav rthe following code. 

<?php
$id = $_POST['id'];
$to = $_POST['to'];
$from = $_POST['from'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$header = $from . "\r\n" . 'Reply-To: name@domain.com' . "\r\n" . 'Cc: name@domain.com';


if (!empty($to) &&!empty($from) &&!empty($subject) &&!empty($message))
{
mail($to, $subject, $message, $header);
echo "mail sent";
echo "<br><br>";
echo "To: ".$to."<br>";
echo $from."<br>";
echo "Subject: ".$subject."<br>";
echo "Message: <br>".$message."<br>";

 include '/home/www/juttuffi/dbc.php';
 $a = 1;
 $query = "INSERT INTO tenquiries (flag) VALUES ('$a') WHERE id='$id'";
 $results = mysql_query($query);
 mysql_close($dbc);
}
else
{
echo "make sure that all fields are full.";
}
?>

it processes and outputs everything fine, however the mail hasn't been received at my address yet and the value in $a hasnt been added to the flag field of the tenquiries table, can any one help me out here, maybe point out the problem and a solution?

PS - the flag field of tenquiries is a VARCHAR field with a length of 1, it will only ever be empty or fielled with the number 1, i cant figure out why the mail() side of things isnt working, it was before i went and added the database stuff below it.

[edited by: bysonary at 3:39 am (utc) on Feb. 24, 2007]

eelixduppy

3:39 am on Feb 24, 2007 (gmt 0)



One error that I noticed right away is this. Change the following: 

$query = "INSERT INTO tenquiries (flag) VALUES ('$a') WHERE id='".[url=http://us2.php.net/mysql-real-escape-string]mysql_real_escape_string[/url]($id)."'";
$results = mysql_query($query); #you had $sqlquery here

Still looking for other errors... :)

[edit]
Seems like you caught that yourself and edited it, huh? ;)

bysonary

3:41 am on Feb 24, 2007 (gmt 0)

10+ Year Member



hey mate, i already changed that, still no look, i maybe thought it was something to do with ('$a') and my flag field being a varchar, should it not be ($a)?

i put echo $query in there and also changed ('$a') to ($a)

the echo $query shows this

INSERT INTO tenquiries (flag) VALUES (1) WHERE id='5

there is a ' missing from the end

[edited by: bysonary at 3:46 am (utc) on Feb. 24, 2007]

eelixduppy

3:45 am on Feb 24, 2007 (gmt 0)



That seems fine. Seems like I overlooked something. Are you adding the value into the database table or are you updating it? If you are updating an existing record, it would look something like this: 

$query = "[url=http://dev.mysql.com/doc/refman/5.0/en/update.html]UPDATE[/url] tenquiries SET `flag` = '$a' WHERE id='".mysql_real_escape_string($id)."'";

If you are inserting a new record, maybe you want it to look like this: 


$query = "INSERT INTO tenquiries (flag,id) VALUES ('$a','".mysql_real_escape_string($id)."')";

See if this helps :)

[edit]
Edit happy :)

bysonary

3:50 am on Feb 24, 2007 (gmt 0)

10+ Year Member



cheers mate thats got the insert working, you were right i was looking to update rather than insert, its late here.. ah i wont make excuses i just didnt think, he mail side of things should work though right? i mean it was working before not sure why it isnt working now.

eelixduppy

3:56 am on Feb 24, 2007 (gmt 0)



I believe it's a problem with the mail header. Try something like this: 

$header = [b]'From: name@domain.com'[/b]."\r\n" . 'Reply-To: name@domain.com' . "\r\n" . 'Cc: name@domain.com';

If the FROM header isn't properly constructed, the mail may have problems being sent.

Also, you may want to add some type of validation to this form as it may be abused by bots and whatnot. We have a nice little thread in our library on the subject: Combatting Webform hijack [webmasterworld.com].

bysonary

4:08 am on Feb 24, 2007 (gmt 0)

10+ Year Member



so even if 

$from = "From: name@domain.com";

the below isn't right 

$header = $from . "\r\n" . 'Reply-To: name@domain.com' . "\r\n" . 'Cc: name@domain.com';

using your suggestion worked, but i dont see why $from won't work, it worked a few days ago when i tested the mail section of this code.

eelixduppy

4:14 am on Feb 24, 2007 (gmt 0)



The way you have it above should work; i see no reason for it not to. What first sparked my interest is that you are allowing the from header to be defined in a web form: 

$from = $_POST['from'];

That right there isn't a very good idea. I think you should make it static to begin with, if you can. This is because of two reasons. The first being that someone can exploit the fact that they can define any FROM header (not to mention other headers if they want to just inject them in there). The second being that you don't really have control over what is being put into the form unless you do some validation (which I see you don't have).

So I'd keep it static, as in my previous post. That is, if you can :)

bysonary

6:48 pm on Feb 26, 2007 (gmt 0)

10+ Year Member



hello again, I seem to have broken the script now, it doesn't appear to send the mail where as it did previously, can anyone take a look and perhaps see whats causing it?

here is the code that processes the form uses mail() to send the e mail 


<?php
include '/home/www/juttuffi/auth.php';
include '/home/www/juttuffi/header.php';
$id = $_POST['id'];
$to = $_POST['to'];
$from = $_POST['from'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$header = 'From: mail@domain.com'."\r\n" . 'Reply-To: mail@domain.com' . "\r\n" . 'Cc: mail@domain.com'; 
if (!empty($to) &&!empty($from) &&!empty($subject) &&!empty($message))
{
mail($to, $subject, $message, $header);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="2" class="tablemain">
 <tr>
<td class="tableheader"><span class="tblheader">Mail Sent</span></td>
<td class="tableheader"><span class="tblheader">&nbsp;</span></td>
 </tr>
 <tr>
<td class="tablebody" valign="top"><span class="tblbody">To: </span></td>
<td class="tablebody" valign="top"><span class="tblbody"><?php echo $to;?></span></td>
 </tr>
 <tr>
<td class="tablebody" valign="top"><span class="tblbody">From: </span></td>
<td class="tablebody" valign="top"><span class="tblbody"><?php echo $from;?></span></td>
 </tr>
 <tr>
<td class="tablebody" valign="top"><span class="tblbody">Subject: </span></td>
<td class="tablebody" valign="top"><span class="tblbody"><?php echo $subject;?></span></td>
 </tr>
 <tr>
<td class="tablebody" valign="top"><span class="tblbody">Message: </span></td>
<td class="tablebody" valign="top"><span class="tblbody"><?php echo $message;?></span></td>
 </tr>
</table>
<?
 include '/home/www/juttuffi/dbc.php';
 $a = 1;
 $query = "UPDATE tenquiries SET `flag` = '$a' WHERE id='".mysql_real_escape_string($id)."'";
 $results = mysql_query($query);
 mysql_close($dbc);
}
else
{
?>
<table border="0" width="100%" cellspacing="0" cellpadding="2" class="tablemain">
<tr>
<td width="100%" class="tableheader">
<span class="tblheader">
***ERROR***
</span>
</td>
</tr>
<tr>
<td width="100%" class="tablebody">
<span class="tblbody">
<?php echo "make sure that all fields are full.";?>
</span>
</td>
</tr>
</table>
<?
}
?>

I would appreciate it alot as this keeps breaking and i dont know whats causing it!

bysonary

12:57 am on Feb 28, 2007 (gmt 0)

10+ Year Member



nudge

eelixduppy

1:10 am on Feb 28, 2007 (gmt 0)



It seems like the code is correct. Are you sure it isn't being sent out or could you just not be receiving it? Check your spam folder to see if it's in there. If you think it's an error with the script, check your error logs or add 
error_reporting(E_ALL);
to the top to see if it is.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:19 am May 2, 2026