Erik

Reputation: 47

Making a conditional statement to send email alert

I'm trying to make a conditional statement to stop an email alert when the fail.php is called. Right now I'm getting an email alert for both good and fail results.

I do not want to receive an email if the result failed. Should I make two scripts or is there a way to make this work together?

Thanks

Here is the section I'm referring to along with the whole script.

if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);  
$reg =          $_REQUEST['reg'] ; 
$first_name =   $_REQUEST['first_name']; 
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name)); 
} 
else { 
header("location: reg_add_fail.php"); 
exit(); // as suggested by John Conde
}

<?

$to = '[email protected]';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>

<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\"$>$connect_date</td>
</tr>
 <tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";

// Make sure to escape quotes

$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";

mail($to, $subject, $msg, $headers);

date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ; 

$order = "INSERT INTO reg_add (submit_date, 
connect_date, 
reg, 
first_name, 
)

VALUES

('$submit_date',
'$_POST[connect_date]', 
'{$_POST[reg]}nv', 
'$_POST[first_name]')";

$result = mysql_query($order);

if (mysql_affected_rows($result) > 0) {
mail($to, $subject, $msg, $headers);  
$reg =          $_REQUEST['reg'] ; 
$first_name =   $_REQUEST['first_name']; 
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name)); 
} 
else { 
header("location: reg_add_fail.php"); 
exit(); // as suggested by John Conde
}
?>

Upvotes: 2

Views: 1663

Answers (4)

Lawrence Cherone

Reputation: 46620

I currently see some SQL injections, plus an invalid query (first_name, has an extra , at the end), constants used as $_POST array keys, a mix of $_REQUEST and $_POST, a large HTML block of code, and no checks on the validity of the values passed.

If you check for valid values then you can determine if the script should continue to the mail and update the database parts:

Here's a cleanup of your code, hope it helps:

<?php 

$to = '[email protected]';
$subject = 'New Homeless Connection';

if($_SERVER['REQUEST_METHOD']=='POST'){

    if(isset($_POST['first_name']) && strlen($_POST['first_name'])>1){
        $first_name=$_POST['first_name'];
    }

    if(isset($_POST['reg']) && strlen($_POST['reg'])>1){
        $reg=$_POST['reg'];
    }

    if(isset($_POST['connect_date']) && strlen($_POST['connect_date'])>1){
        $connect_date=$_POST['connect_date'];
    }

    if(!isset($first_name) || !isset($reg) || !isset($connect_date)){
        header("location: reg_add_fail.php");
        exit();
    }
}else{
// the page the form posts from
header("location: reg_form.php");
exit();
}

$msg=<<<EMAIL
<html>
<head>
<title>New Homeless Connection</title>
</head>

<body>
<table cellspacing="0" cellpadding="10" border="1" align="left">
<tr>
<td align="left" width="150px">Registery No.:</td>
<td align="left">$reg</td>
</tr>
<tr>
<td align="left">First Name:</td>
<td align="left">$first_name </td>
</tr>
<tr>
<td align="left">Connection Date:</td>
<td align="left">$connect_date</td>
</tr>
 <tr>
<td align="left" colspan="2">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
EMAIL;

// Make sure to escape quotes
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";

mail($to, $subject, $msg, $headers);

date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ;

// Each escaped value must sit inside its own pair of single quotes
$order = "INSERT INTO reg_add (submit_date,connect_date, reg, first_name)
          VALUES ('{$submit_date}','".mysql_real_escape_string($connect_date)."','".mysql_real_escape_string($reg)."nv','".mysql_real_escape_string($first_name)."')";

$result = mysql_query($order);

header("Location: ./reg_add_success.php?reg=".urlencode($reg)."&first_name=".urlencode($first_name));
die;
?>

Upvotes: 0

Shaikh Farooque

Reputation: 2640

Final code, kindly test it:

<?php

$to = '[email protected]';
$subject = 'New Homeless Connection';
$msg = "<html>
<head>
<title>New Homeless Connection</title>
</head>

<body>
<table cellspacing=\"0\" cellpadding=\"10\" border=\"1\" align=\"left\">
<tr>
<td align=\"left\" width=\"150px\">Registery No.:</td>
<td align=\"left\"> $reg</td>
</tr>
<tr>
<td align=\"left\">First Name:</td>
<td align=\"left\">$first_name </td>
</tr>
<tr>
<td align=\"left\">Connection Date:</td>
<td align=\"left\">$connect_date</td>
</tr>
 <tr>
<td align=\"left\" colspan=\"2\">http://www.41q.org/admin/</td>
</tr>
</table>
<br>
<br>
</body>
</html>
";

// Make sure to escape quotes

$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";

date_default_timezone_set('America/Los_Angeles');
$submit_date = date("m/d/y g:i A") ; 

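// No trailing comma after the last column, and every posted value is escaped
$order = "INSERT INTO reg_add (submit_date, 
connect_date, 
reg, 
first_name
)

VALUES

('$submit_date',
'" . mysql_real_escape_string($_POST['connect_date']) . "', 
'" . mysql_real_escape_string($_POST['reg']) . "nv', 
'" . mysql_real_escape_string($_POST['first_name']) . "')";

$result = mysql_query($order);

// mysql_affected_rows() takes the connection link (optional), not the query result
if ($result && mysql_affected_rows() > 0) {
mail($to, $subject, $msg, $headers);  
$reg =          $_REQUEST['reg'] ; 
$first_name =   $_REQUEST['first_name']; 
header("location: reg_add_success.php?reg=" . urlencode($reg) . "&first_name=" . urlencode($first_name)); 
} 
else { 
header("location: reg_add_fail.php"); 
exit(); // as suggested by John Conde
}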
?>

Upvotes: 0

dtbarne

Reputation: 8210

Remove the first instance of mail($to, $subject, $msg, $headers);.

Then, for good measure, check the number of rows affected, rather than true/false (although both should work).

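// mysql_affected_rows() takes the connection link (optional), not the query result
if (mysql_affected_rows() > 0) {
    // send the mail and redirect to the success page here
}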

Upvotes: 2

Shaikh Farooque

Reputation: 2640

If you check your code

// Make sure to escape quotes

$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: Homeless' . "\r\n";

mail($to, $subject, $msg, $headers);

date_default_timezone_set('America/Los_Angeles');

This code is already sending the mail regardless of the result.

You just need to remove this line from the top code

mail($to, $subject, $msg, $headers);

and your code will work fine.

Upvotes: 0
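
The flow the answers above converge on (validate, insert, send the alert only when a row was actually written), as an added example that is not any poster's code. It swaps the mysql_* functions, which were removed in PHP 7, for PDO prepared statements; `register_and_notify()`, the in-memory SQLite table and the stub mailer are assumptions made so that it runs offline.

```php
<?php
// Added example, not the poster's code. Table/column names come from the page;
// register_and_notify(), the SQLite demo and the stub mailer are assumptions.
function register_and_notify(PDO $pdo, array $post, callable $sendMail): string
{
    // Validate first: every field must be a non-empty string.
    $f = [];
    foreach (['connect_date', 'reg', 'first_name'] as $key) {
        $value = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        if ($value === '') {
            return 'reg_add_fail.php';            // no insert, no mail
        }
        $f[$key] = $value;
    }
    try {
        // Placeholders keep user input out of the SQL text.
        $stmt = $pdo->prepare('INSERT INTO reg_add (submit_date, connect_date, reg, first_name)
                               VALUES (?, ?, ?, ?)');
        $stmt->execute([date('m/d/y g:i A'), $f['connect_date'], $f['reg'] . 'nv', $f['first_name']]);
        $inserted = $stmt->rowCount() > 0;
    } catch (PDOException $e) {
        $inserted = false;
    }
    if (!$inserted) {
        return 'reg_add_fail.php';                // failure path never reaches the mailer
    }
    // Escape values before they go into the HTML body of the alert.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $msg = '<table><tr><td>Registry No.:</td><td>' . $esc($f['reg']) . '</td></tr>'
         . '<tr><td>First Name:</td><td>' . $esc($f['first_name']) . '</td></tr>'
         . '<tr><td>Connection Date:</td><td>' . $esc($f['connect_date']) . '</td></tr></table>';
    $sendMail('New Homeless Connection', $msg);   // only reached after a successful insert
    return 'reg_add_success.php?reg=' . urlencode($f['reg'])
         . '&first_name=' . urlencode($f['first_name']);
}

// Constructed demo: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE reg_add (submit_date TEXT, connect_date TEXT, reg TEXT, first_name TEXT)');
$sent = [];
$mailer = function (string $subject, string $html) use (&$sent): void { $sent[] = $html; };

$ok  = ['connect_date' => '01/02/12', 'reg' => '12', 'first_name' => "O'Brien <b>"];
$bad = ['reg' => '13'];                            // missing fields
echo register_and_notify($pdo, $ok, $mailer), "\n";
echo register_and_notify($pdo, $bad, $mailer), "\n";
echo count($sent), " mail sent\n";
```

In the real script the `$sendMail` callable would wrap `mail($to, $subject, $msg, $headers)` and the PDO DSN would point at the MySQL database.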
