Jump to content

php mysql and php post only showing on result

mrooks1984

By mrooks1984
in PHP Coding Help

 Share

Recommended Posts

mrooks1984 Member

mrooks1984

Posted
Posted

hello all, i am trying to convert results from a database and email them, but its only doing one of the results and i cant figure out how to fix this, i am hoping someone on here can help me out.

 

heres my current code

	while($row = mysql_fetch_array($result)) {
  			
		//Send order placed email
		$customer_name = $customer_first_name . " " . $customer_last_name;
		$email_subject = "A order has been placed";
		$email_message_admin = "" . $row['product'] . $row['option1']. $row['option2'];
		$email_message_customer = "";
		$date_time = date("F j, Y, g:i a");

		$sql = "INSERT INTO ticket (name, subject, message, email, date_time)
		VALUES ('$customer_name','$email_subject','$email_message_admin','$customer_email','$date_time')";

		if (!mysql_query($sql)) {
			die('Error: ' . mysql_error());
		}
		//Send Email To Site Owner
		mail($store_email, $email_subject, $email_message_admin, 'From:' . $store_email);
		//Send Email To Customer
		mail($customer_email, $email_subject, $row['user_message'], 'From:' . $store_email);

 

many thanks all.

Christian F. Member

Christian F.

Posted
Posted

That doesn't look to be the complete code, or..? You're, at least, missing a closing curly bracket at the end, possibly more for all we know.

 

Secondly, I notice a complete lack of any kind of output escaping here, and I suspect a lack of input validation on the input-side of this code as well. Something which leads you open to not only attacks from third parties, but also vulnerable to unintended errors due to differences in the syntax between the differing systems. After all, a character that's harmless in one system ("\n" for instance), can wreak havoc in another (like e-mail headers).

 

Oh, and please check all the error logs on your system. Might be some clues in them.

mrooks1984 Member

mrooks1984

Posted
  • Author
Posted

thanks for getting back to me, no just the part i think is the issue, but i have it working now, heres the code:

	//get cart info order items
	$result = mysql_query("SELECT product,option1,option2,option3,option4,option5 FROM store_cart WHERE customer='$session_id'");
	while($row = mysql_fetch_array($result)) {

		$product= $row['product'];   

		//Run through all 5 rows and add them to the output if they contain data.			
		for ($run = 1; $run <= 5; $run++) {

			if ($row['option'.$run] != 'NULL') {

				${'option'.$run} = $row['option'.$run];
			}else{

			${'option'.$run} = "";
			}
		}

		$product_list .= $product." - ".$option1." ".$option2." ".$option3." ".$option4." ".$option5."<br>";
	}

 

then i just call the product list variable and it works.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.