0

I have a form that i am getting info from and then I want to update certain fields in the database only not all the fields it then sends out an email to the person that filled out the form with a randomly generated ticket number that they can then track the progress on.

Problem 1) Will not update the database with the critera that I want.

Problem 2) Will not send out email in HTML form even with the headers set.

  <?php
if ($_POST['submit']) //if the Submit button pressed
  {

                       include 'conf.php';

                    $name = mysql_real_escape_string($_POST['name']);
                    $email = mysql_real_escape_string($_POST['email']);
                    $ticket = mysql_real_escape_string($_POST['ticketnumber']);
                    $phone = mysql_real_escape_string($_POST['phone']);
                    $findus = mysql_real_escape_string($_POST['referredby']);
                    $pass = mysql_real_escape_string($_POST['password']);

                       $sql="INSERT INTO computerdb (name, email, ticket, phone, computerpass, findus )
                       VALUES ('$name','$email','$ticket','$phone','$pass','$findus')";
                       if (!$sql)
                        {
                             die('Error: ' . mysql_error($con));
                        }else{

            //if data is inserted successfully, send email
                       $to = $_POST['email'];
                       $url = "http://www.patrickspcrepair.com/portal/ticket-status.php?ticket_no=";
                       $ticket = $_POST['ticketnumber'];

                       $header = 'MIME-Version: 1.0' . "\r\n";
                        $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
                        $header .= "From: Patrick's Computer Repair Inc. <tickets@patrickspcrepair.com>" . "\r\n";
                       $subject = "Ticket Number ".$_POST['ticketnumber'];
                       $body .= "<html><body>"."\n";
                    $body .= "Hello ".$_POST['name'].",<br>
                        <br>";
                    $body .= "Thank you for stopping by today.<br><br>"."\n";
                    $body .= "The information below is used to check on the status of your computer.<br>"."\n";
                    $body .= "Check Computer Status: <a href=\"".$url.$ticket."\">".$ticket."</a><br><br>"."\n";
                    $body .= "Be sure to like us on <a href=\"http://www.facebook.com/cspcrepair\"><img                                                                                                               src=\"http://www.patrickspcrepair.com/ticketgen/images/facebook.png\" width=\"30\" height=\"30\"></a> and <a href=\"http://www.twitter.com/patricksPCR\"><img src=\"http://www.patrickspcrepair.com/ticketgen/images/twitter.png\" width=\"50\" height=\"30\"></a>!". "\n";
                    $body .= "<br><br><br>Sincerly, <br><br><img style=\"border:none; text-decoration:none;\" src=\"http://www.patrickspcrepair.com/ticketgen/images/signature.png\" alt=\"Patrick Kershner\" />"."\n";
                    $body .= "</html></body>"."\n";
                       $sent = mail($to, $subject, $body, $headers);
                       if($sent)
                               {print "Email successfully sent";}
                       else
                               {print "There was an error sending the mail";}

                       mysql_close($con);
                        }
        }
?>

Any ideas?

Thanks

2
Contributors
3
Replies
22
Views
4 Years
Discussion Span
Last Post by Atli
0

Problem 1: You aren't actually executing the SQL query. You just define the SQL query string as $sql but then do nothing with it. You need use the mysql_query function to execute it. (Although you should not be using the old MySQL API these days. Look into PDO or MySQLi instead.)

Problem 2: I'm not sure what exactly the problem is there, but when using the mail() function, you have to account for a lot of the excentricities involved in sending a complex email. I would suggest using a more advanced mailer library, like PHPMailer or Swift Mailer instead.

0

I figured it out, have a look at this:

<?php
if ($_POST['submit']) //if the Submit button pressed
  {
                      include 'conf.php';


                       $sql = "INSERT INTO computerdb (name, email, ticket, phone, computerpass, findus, status, notes )
                       VALUES ('".$_POST['name']."','".$_POST['email']."','".$_POST['ticketnumber']."','".$_POST['phone']."','".$_POST['password']."','".$_POST['referredby']."', 'Pending', '".date('m/d/Y H:i:s'). ": Work has started on your computer')";
                       if (!mysqli_query($con,$sql))
                        {
                             die('Error: ' . mysqli_error($con));
                        }else{

            //if data is inserted successfully, send email
                       $to = $_POST['email'];
                       $url = "http://patrickspcrepair.com/newportal/do_search.php?query=";
                       $ticket = $_POST['ticketnumber'];

                       $header = 'MIME-Version: 1.0' . "\r\n";
                        $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
                        $header .= "From: Patrick's Computer Repair Inc. <tickets@patrickspcrepair.com>" . "\r\n";
                       $subject = "Ticket Number ".$_POST['ticketnumber'];
                       $body .= "<html><body>"."\n";
                    $body .= "Hello ".$_POST['name'].",<br>
                        <br>";
                    $body .= "Thank you for stopping by today.<br><br>"."\n";
                    $body .= "The information below is used to check on the status of your computer.<br>"."\n";
                    $body .= "Check Computer Status: <a href=\"".$url.$ticket."\">".$ticket."</a><br><br>"."\n";
                    $body .= "Be sure to like us on <a href=\"http://www.facebook.com/cspcrepair\"><img                                                                                                               src=\"http://www.patrickspcrepair.com/ticketgen/images/facebook.png\" width=\"30\" height=\"30\"></a> and <a href=\"http://www.twitter.com/patricksPCR\"><img src=\"http://www.patrickspcrepair.com/ticketgen/images/twitter.png\" width=\"50\" height=\"30\"></a>!". "\n";
                    $body .= "<br><br><br>Sincerly, <br><br><img style=\"border:none; text-decoration:none;\" src=\"http://www.patrickspcrepair.com/ticketgen/images/signature.png\" alt=\"Patrick Kershner\" />"."\n";
                    $body .= "</html></body>"."\n";
                       $sent = mail($to, $subject, $body, $header);
                       if($sent)
                               header('Location: http://www.patrickspcrepair.com/ticketgen/index.php?success=1&redir=1');
                       else
                               {print "There was an error sending the mail";}

                       mysqli_close($con);
                        }
        }
?>
0

Just a heads up. You are now wide open to SQL Injection attacks. Either escape the user input before putting it into the SQL query, like you did before (just use the MySQLi variant of the escape function), or use the more modern Prepared Statements functionality available in MySQLi.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.