Member Avatar for patk570

I have a form that i am getting info from and then I want to update certain fields in the database only not all the fields it then sends out an email to the person that filled out the form with a randomly generated ticket number that they can then track the progress on.

Problem 1) Will not update the database with the critera that I want.

Problem 2) Will not send out email in HTML form even with the headers set.

  <?php
if ($_POST['submit']) //if the Submit button pressed
  {

                       include 'conf.php';

                    $name = mysql_real_escape_string($_POST['name']);
                    $email = mysql_real_escape_string($_POST['email']);
                    $ticket = mysql_real_escape_string($_POST['ticketnumber']);
                    $phone = mysql_real_escape_string($_POST['phone']);
                    $findus = mysql_real_escape_string($_POST['referredby']);
                    $pass = mysql_real_escape_string($_POST['password']);

                       $sql="INSERT INTO computerdb (name, email, ticket, phone, computerpass, findus )
                       VALUES ('$name','$email','$ticket','$phone','$pass','$findus')";
                       if (!$sql)
                        {
                             die('Error: ' . mysql_error($con));
                        }else{

            //if data is inserted successfully, send email
                       $to = $_POST['email'];
                       $url = "http://www.patrickspcrepair.com/portal/ticket-status.php?ticket_no=";
                       $ticket = $_POST['ticketnumber'];

                       $header = 'MIME-Version: 1.0' . "\r\n";
                        $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
                        $header .= "From: Patrick's Computer Repair Inc. <tickets@patrickspcrepair.com>" . "\r\n";
                       $subject = "Ticket Number ".$_POST['ticketnumber'];
                       $body .= "<html><body>"."\n";
                    $body .= "Hello ".$_POST['name'].",<br>
                        <br>";
                    $body .= "Thank you for stopping by today.<br><br>"."\n";
                    $body .= "The information below is used to check on the status of your computer.<br>"."\n";
                    $body .= "Check Computer Status: <a href=\"".$url.$ticket."\">".$ticket."</a><br><br>"."\n";
                    $body .= "Be sure to like us on <a href=\"http://www.facebook.com/cspcrepair\"><img                                                                                                               src=\"http://www.patrickspcrepair.com/ticketgen/images/facebook.png\" width=\"30\" height=\"30\"></a> and <a href=\"http://www.twitter.com/patricksPCR\"><img src=\"http://www.patrickspcrepair.com/ticketgen/images/twitter.png\" width=\"50\" height=\"30\"></a>!". "\n";
                    $body .= "<br><br><br>Sincerly, <br><br><img style=\"border:none; text-decoration:none;\" src=\"http://www.patrickspcrepair.com/ticketgen/images/signature.png\" alt=\"Patrick Kershner\" />"."\n";
                    $body .= "</html></body>"."\n";
                       $sent = mail($to, $subject, $body, $headers);
                       if($sent)
                               {print "Email successfully sent";}
                       else
                               {print "There was an error sending the mail";}

                       mysql_close($con);
                        }
        }
?>

Any ideas?

Thanks

  • 2 Contributors
  • 3 Replies
  • 217 Views
  • 1 Hour Discussion Span
  • Latest Post Latest Post by Atli

Recommended Answers

All 3 Replies

Member Avatar for Atli

Problem 1: You aren't actually executing the SQL query. You just define the SQL query string as $sql but then do nothing with it. You need use the mysql_query function to execute it. (Although you should not be using the old MySQL API these days. Look into PDO or MySQLi instead.)

Problem 2: I'm not sure what exactly the problem is there, but when using the mail() function, you have to account for a lot of the excentricities involved in sending a complex email. I would suggest using a more advanced mailer library, like PHPMailer or Swift Mailer instead.

Member Avatar for patk570

I figured it out, have a look at this:

<?php
if ($_POST['submit']) //if the Submit button pressed
  {
                      include 'conf.php';


                       $sql = "INSERT INTO computerdb (name, email, ticket, phone, computerpass, findus, status, notes )
                       VALUES ('".$_POST['name']."','".$_POST['email']."','".$_POST['ticketnumber']."','".$_POST['phone']."','".$_POST['password']."','".$_POST['referredby']."', 'Pending', '".date('m/d/Y H:i:s'). ": Work has started on your computer')";
                       if (!mysqli_query($con,$sql))
                        {
                             die('Error: ' . mysqli_error($con));
                        }else{

            //if data is inserted successfully, send email
                       $to = $_POST['email'];
                       $url = "http://patrickspcrepair.com/newportal/do_search.php?query=";
                       $ticket = $_POST['ticketnumber'];

                       $header = 'MIME-Version: 1.0' . "\r\n";
                        $header .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
                        $header .= "From: Patrick's Computer Repair Inc. <tickets@patrickspcrepair.com>" . "\r\n";
                       $subject = "Ticket Number ".$_POST['ticketnumber'];
                       $body .= "<html><body>"."\n";
                    $body .= "Hello ".$_POST['name'].",<br>
                        <br>";
                    $body .= "Thank you for stopping by today.<br><br>"."\n";
                    $body .= "The information below is used to check on the status of your computer.<br>"."\n";
                    $body .= "Check Computer Status: <a href=\"".$url.$ticket."\">".$ticket."</a><br><br>"."\n";
                    $body .= "Be sure to like us on <a href=\"http://www.facebook.com/cspcrepair\"><img                                                                                                               src=\"http://www.patrickspcrepair.com/ticketgen/images/facebook.png\" width=\"30\" height=\"30\"></a> and <a href=\"http://www.twitter.com/patricksPCR\"><img src=\"http://www.patrickspcrepair.com/ticketgen/images/twitter.png\" width=\"50\" height=\"30\"></a>!". "\n";
                    $body .= "<br><br><br>Sincerly, <br><br><img style=\"border:none; text-decoration:none;\" src=\"http://www.patrickspcrepair.com/ticketgen/images/signature.png\" alt=\"Patrick Kershner\" />"."\n";
                    $body .= "</html></body>"."\n";
                       $sent = mail($to, $subject, $body, $header);
                       if($sent)
                               header('Location: http://www.patrickspcrepair.com/ticketgen/index.php?success=1&redir=1');
                       else
                               {print "There was an error sending the mail";}

                       mysqli_close($con);
                        }
        }
?>
Member Avatar for Atli

Just a heads up. You are now wide open to SQL Injection attacks. Either escape the user input before putting it into the SQL query, like you did before (just use the MySQLi variant of the escape function), or use the more modern Prepared Statements functionality available in MySQLi.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.