...

View Full Version : Could someone point out an error on my script?



Chris1989
11-03-2010, 12:15 PM
Its probably just a simple noob error, (i am new to PHP) but the following code will execute fine but only send the email...


<?php

if (isset($_REQUEST['email']) && $_REQUEST['email'] != '') {
$to = "my@email.com";
$subject = "Contact Details Captured";
$message = "New message from: {$_REQUEST['fname']} {$_REQUEST['sname']} {$_REQUEST['email']}.\r\n\r\n {$_REQUEST['telno']}";
$message .= $_REQUEST['message'];

mail($to,$subject,$message);
$dbserver = "localhost";
$dbuser = "myusername";
$dbpwd = "mypassword";

$dbcon = mysql_connect("$dbserver", "$dbuser", "$dbpwd");

mysql_select_db("test", $dbcon);

$query = "INSERT INTO captured_data (fname, sname, email, telno) VALUES ('$_POST[fname]','$_POST[sname]','$_POST[email]','$_POST[telno]')";

mysql_query($query, $dbcon);

mysql_close($dbcon);


header('Location:http://www.myurl.co.uk/home');}
else{
header('Location:http://www.myurl.co.uk/error.php#forma');
exit();
}

?>

and doing it the following way will add the data to my database but not send the email.


<?php

if (isset($_REQUEST['email']) && $_REQUEST['email'] != '') {
$to = "my@email";
$subject = "Contact Details Captured";
$message = "New message from: {$_REQUEST['fname']} {$_REQUEST['sname']} {$_REQUEST['email']}.\r\n\r\n {$_REQUEST['telno']}";
$message .= $_REQUEST['message'];


$dbserver = "localhost";
$dbuser = "myusername";
$dbpwd = "mypassword";

$dbcon = mysql_connect("$dbserver", "$dbuser", "$dbpwd");

mysql_select_db("test", $dbcon);

$query = "INSERT INTO captured_data (fname, sname, email, telno) VALUES ('$_POST[fname]','$_POST[sname]','$_POST[email]','$_POST[telno]')";

mysql_query($query, $dbcon);

mysql_close($dbcon);

mail($to,$subject,$message);
header('Location:http://www.myurl.co.uk/home');}
else{
header('Location:http://www.myurl.co.uk/error.php#forma');
exit();
}

?>

As I said it is probably a basic misunderstanding of the PHP the syntax.

Cheers, Chris.

ax8l
11-03-2010, 02:08 PM
I don't understand why it doesn't work but can you try this code?
it's not a big change it just verifies if mysql query completed successfully if it did then it emails the content after which it waits 2 seconds (I am thinking maybe you are redirecting the page before mail complets, although this should not be the case, but anyway...)


<?php

if (isset($_REQUEST['email']) && $_REQUEST['email'] != '') {
$to = "my@email";
$subject = "Contact Details Captured";
$message = "New message from: {$_REQUEST['fname']} {$_REQUEST['sname']} {$_REQUEST['email']}.\r\n\r\n {$_REQUEST['telno']}";
$message .= $_REQUEST['message'];


$dbserver = "localhost";
$dbuser = "myusername";
$dbpwd = "mypassword";

$dbcon = mysql_connect("$dbserver", "$dbuser", "$dbpwd");

mysql_select_db("test", $dbcon);

$query = "INSERT INTO captured_data (fname, sname, email, telno) VALUES ('$_POST[fname]','$_POST[sname]','$_POST[email]','$_POST[telno]')";

if(mysql_query($query, $dbcon))
mail($to,$subject,$message);
sleep(2);
header('Location:http://www.myurl.co.uk/home');}
else{
header('Location:http://www.myurl.co.uk/error.php#forma');
exit();
}

?>

Chris1989
11-03-2010, 04:41 PM
Thanks for the reply, I did try it but still doesnt send the email it only adds the data to the database.

It shouldnt redirect before sending the email as the header function is placed after the redirect indicating that it should send the email then redirect after adding the details to the database.

Confusing.

Keleth
11-03-2010, 04:45 PM
Do emails otherwise send on your server? Is this the first time you're having trouble with the mail function?

Lamped
11-04-2010, 12:33 AM
I can't see any obvious errors, perhaps you could check the error log? Assuming display errors is off. Perhaps start it with error_reporting(E_ALL) too.

Another thing: http://php.net/manual/en/function.mysql-real-escape-string.php


"INSERT INTO captured_data (fname, sname, email, telno) VALUES ('".mysql_real_escape_string($_POST[fname], $dbcon)."','".mysql_real_escape_string($_POST[sname], $dbcon)."','".mysql_real_escape_string($_POST[email], $dbcon)."','".mysql_real_escape_string($_POST[telno], $dbcon)."')";

... or read up about prepared statements.

Database sanitisation is really important from a security and bug fixing point of view.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum