开发者

Could someone help figure out the problems with the statements in this PHP file?

开发者 https://www.devze.com 2023-02-28 03:46 出处:网络
<?php $con = mysql_connect(\"localhost\", \"root\"); if (!$con) { die(\"Cannot make a connection\"); } $customer_first_name = $_POST[\'customer_first_name\'];
<?php
$con = mysql_connect("localhost", "root");

if (!$con)
{
die("Cannot make a connection");
}

$customer_first_name = $_POST['customer_first_name'];
$customer_last_name = $_POST['customer_last_name'];
$customer_email = $_POST['customer_email'];
$category_id = $_POST['category_id'];
$problem_body = $_POST['problem_body'];

mysql_select_db('yumbox_table', $con) or die(mysql_error());

mysql_query("INSERT INTO yumbox_customer_inquiry (customer_last_name, customer_first_name, customer_email, category_id, problem_body) values ($customer_last_name, $customer_first_name, $customer_email, $category_id, $problem_body)", $con);


if ($category_id==1)
{
mail('technical_problems_11@yahoo.com… 'You have a new email from $customer_first_name $customer_last_name at $customer_email', $problem_body);
}

if ($category_id==2)
{
mail('login_problems11@yahoo.com', 'You have a new email from $firstname $lastname at $emailaddress', $problem_body);
}

if ($category_id==3)
{
mail('order_problems_11@yahoo.com', 'You have a new email from $firstname $lastname at $emailaddress', $problem_body);
}

echo('Thank you for sending us your feedback. A customer support representative w开发者_JAVA技巧ill respond to you shortly');




mysql_close($con)
?>

In an html page, a user is suppose to enter information in a form and the data is suppose to go to this php file. From here it is suppose to be deposited into a mysql table and this data is also suppose to go to an email address. However, it does not send the code to the mysql table and you get an error message saying that it cannot be sent by email. Can someone out there help me figure out this baffling issue?


In addition to Adnan's post, I would also recommend capturing the result of the query using a variable, and closing the MySQL connection once you are done with it:

$result = mysql_query(...);
// Evaluate the result, if its false the query failed.
if($result == FALSE && $debugoutput == TRUE)
{
  //This should be debug output only!  
  //It could potentially expose your code to the public
  $errorNum = "MySQL Error Number: " . mysql_errno($conn);
  $errorMsg = "MySQL Error Message: " . mysql_error($conn);
}

mysql_close($con);

As for your email issues, do you have a mail server set up? And if so is it properly configured to receive requests from PHP? I'm sorry I don't have too much experience with Mail Servers and PHP yet... but it does not look that difficult.

Maybe this is a bit "nitpicky" of me, but I like to separate functionality into different areas: Have a method to store data in your database and have a separate method that will send out your emails. It could also help you debug your current issue by seeing if its a database issue or an email issue or both? Just sayin...


Include single quotes:

('$customer_last_name', '$customer_first_name', '$customer_email', '$category_id', '$problem_body')

NOTE: if category_id is numeric in your table you do not need to have quotes.

Also, at least clean the posted data with:

$customer_first_name = mysql_escape_string($_POST['customer_first_name']);
... and so on

this will protect your db from SQL injections.


  1. You're wide open to SQL injection. See Bobby Tables
  2. You have no error checking on your queries. They return FALSE if they fail. As a bare mininum, you should have:

    mysql_query($query) or die(mysql_error());

  3. Your sample code doesnot have any "cannot be send by email" error-type text, where are you seeing that?
0

精彩评论

暂无评论...
验证码 换一张
取 消