Need help posting to mysql and sending email from form

gabbymiles · October 11, 2015

I am attempting to post data to database and send email. code works separately with only email submit or database insert but combining actions are giving me fits.

The combined code does send email, however does not insert into MySQL.

Also, I am looking at updating code as this is old, however need this running now.

Thanks in advance.

Here is my code.

<?php
//error_reporting(E_ALL);
//ini_set('display_errors', 1);



// Functions to filter user inputs
function filterName($field){

// Sanitize user name
$field = filter_var(trim($field), FILTER_SANITIZE_STRING);

// Validate user name
if(filter_var($field, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+/")))){
	return $field;
	    }else{	
	return FALSE;
        }
		}    
    function filterEmail($field){

// Sanitize e-mail address
$field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);

// Validate e-mail address
if(filter_var($field, FILTER_VALIDATE_EMAIL)){
	return $field;
		}else{
	return FALSE;
    	}
	   	}
function filterString($field){

// Sanitize string
$field = filter_var(trim($field), FILTER_SANITIZE_STRING);
if(!empty($field)){
	return $field;
        }else{
	return FALSE;
        }
		}

// Define variables and initialize with empty values
$txtaddressErr = 
$txtmainErr = 
$txtsubjectErr =
$txttitle2Err = 
$txtbusinesstitleErr =
$txtaddress2Err ="";

$txtaddress = 
$txtmain = 
$txtsubject = 
$txttitle2 = 
$txtbusinesstitle =
$txtaddress2 = "";

// Processing form data when form is submitted
if(isset($_POST['submit'])){
      include ("connect.php");
     
// Validate user name
if(empty($_POST["txtaddress"])){
$txtaddressErr = 'Please enter your Keywords.';
		}else{
$txtaddress = filterName($_POST["txtaddress"]);
if($txtaddress == FALSE){
$txtaddressErr = 'Please enter a valid Keywords.';
		}
	    }
    
// Validate email address
if(empty($_POST["txtmain"])){
$txtmainErr = 'Please enter your email address.';
	    }else{
$txtmain = filterEmail($_POST["txtmain"]);
if($txtmain == FALSE){
$txtmainErr = 'Please enter a valid email address.';
		}
        }
       
// Validate need
if(empty($_POST["txtsubject"])){
$txtsubjectErr = 'Please enter your need.';     
		}else{
$txtsubject = filterString($_POST["txtsubject"]);
if($txtsubject == FALSE){
$txtsubjectErr = 'Please enter a need.';
		}
        }
// Validate message subject
if(empty($_POST["txtaddress2"])){
$txtaddress2Err = "Please enter an Industry";
		}else{
$txtaddress2 = filterString($_POST["txtaddress2"]);
if($txtaddress2 == FALSE){
$txtaddress2Err = 'Please enter an Industry.';
		}
		}

// Validate user comment
if(empty($_POST["txttitle2"])){
$txttitle2Err = 'Please enter your offer.';     
		}else{
$txttitle2 = filterString($_POST["txttitle2"]);
if($txttitle2 == FALSE){
$txttiele2Err = 'Please enter a valid offer.';
		}
        }

// Check input errors before sending email
if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err)){

// Recipient email address
$to = 'myemail@domain.org';
 
// Create email headers
$headers = 'From: '. $txtmain . "\r\n" .
           'Reply-To: '. $txtmain . "\r\n" .
           'X-Mailer: PHP/' . phpversion();

// Sending email
if(mail($to, $txtsubject, $txttitle2, $headers)){
echo '<p class="success">Your message has been sent successfully!</p>';
$stuid = $_POST['txtid'];
$address = trim($_POST['txtaddress']);
$sub = trim($_POST['txtsubject']);	
$date = trim($_POST['txtdate']);
$main = trim($_POST['txtmain']);
$title2 = trim($_POST['txttitle2']);
$address2 = trim($_POST['txtaddress2']);
$agentid = trim($_POST['txtagentid']);
$businesstitle = trim($_POST['txtbusinesstitle']);
if(isset($_POST['submit'])){
include ("connect.php");
	   
$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES 
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
        }
		}
        }
	    }
//	}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Form</title>
	<style type="text/css">
	.error{ color: red; }
	.success{ color: green; }
	</style>
</head>
<body>
<div id="">
	<table width="100%" border="0">
<?php 
$businesstitle= isset($row['businesstitle']) ? $row['businesstitle'] : ''; ?>

<form method="post" action="">
 <tr>
<?php
	include ("connect.php");
	$g = mysql_query("select max(stuid) from tbl_student");
	while($id=mysql_fetch_array($g))
?>
                
	<td width="26%"> </td>
    <td width="74%"><input type="hidden" name="txtid" value="<?php echo $id[0]+1; ?>" readonly="readonly" /></td>
    </tr>
    <tr>
    <td><label for="txtaddress">Keywords:<sup>*</sup></label></td>
    <td><textarea cols="30px" rows="3" name="txtaddress" placeholder="Tip-Include Industry Name, Topic and City to Improve Search Standing"  /></textarea>
<span class="error"><?php echo $txtaddressErr; ?></span></td>
    </tr>
    <tr>
    <td><label for="txtsubject2">Need:</label></td>
    <td><input type="text" name="txtsubject" id="txtzubject">
<span class="error"><?php echo $txtsubjectErr; ?></span></td>
    </tr>
    
    <tr>
    <td>Offer:<sup>*</sup></td>
    <td><textarea name="txttitle2" id="Comment" rows="5" cols="30"></textarea>
<span class="error"><?php echo $txttitle2Err; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtbusinesstitle2">Your Name:</label></td>
            <td><input type="text" name="txtbusinesstitle" id="txtbusinesstitle">
            <span class="error"><?php echo $txtbusinesstitleErr; ?></span></td>
          </tr>
          <tr>
            <td>Industry:</td>
            <td><input type="text" name="txtaddress2" placeholder="One Industry Name"  />
            <span class="error"><?php echo $txtaddress2Err; ?></span></td>
          </tr>
          <tr>
            <td><label for="txtmain">Email:<sup>*</sup></label></td>
            <td><input type="text" name="txtmain" id="txtmain" value="<?php echo $_SESSION['email']; ?>">
            <span class="error"><?php echo $txtmainErr; ?></span></td>
          </tr>
          <tr>
            <td>Register Date</td>
            <td><input type="text" name="txtdate" value="<?php echo date("d/M/Y"); ?>" readonly="readonly" /></td>
          </tr>
          <tr>
            <td></td>
            <td><input type="hidden" name="txtagentid" placeholder="Type Name"  />
            <input type="hidden" name="txtmember"  /></td>
          </tr>
          <tr>
            <td><input type="submit" name="submit"  value="Send"></td>
            <td><input type="reset" value="Reset"></td>
          </tr>
  </form>
    </table>
</div>
</body>
</html>

benanamen · October 11, 2015

You commented out the error reporting and display. Start with un-commenting that and tell us what errors you get.

QuickOldCar · October 11, 2015

define all these with = "";

$txtaddressErr =
$txtmainErr =
$txtsubjectErr =
$txttitle2Err =
$txtbusinesstitleErr =
$txtaddress2Err ="";

$txtaddress =
$txtmain =
$txtsubject =
$txttitle2 =
$txtbusinesstitle =
$txtaddress2 = "";

Checking if post was submit twice

if(isset($_POST['submit'])){

Only need to include this once

include ("connect.php");

mysql_* functions are deprecated and being removed in php7. Use pdo or mysqli

You should really use the escape functions for any values inserting into the mysql query.

Tommie84 · October 11, 2015

do proper indenting on your code

function greet ($user)
{
    if (date('H') < 12)
    {
        $output = "Good morning $user"
    }
    else
    {
        $output = "Hello $user";
    }
    return $output;
}

function greet ($user) {
if (date('H') < 12) {
$output = "Good morning $user"}
else {
$output = "Hello $user";}
return $output;}

function greet ($user) {if (date('H') < 12) {$output = "Good morning $user"} else {$output = "Hello $user";} return $output;}

wich of the 3 samples above does make it easy to detect errors?

Barand · October 11, 2015

define all these with = "";

$txtaddressErr =

$txtmainErr =

$txtsubjectErr =

$txttitle2Err =

$txtbusinesstitleErr =

$txtaddress2Err ="";

@QoC,

See end of para 7 on http://php.net/manual/en/language.expressions.php

Since assignments are parsed in a right to left order, you can also write '$b = $a = 5'.

QuickOldCar · October 11, 2015

@Barand, I know that, shouldn't the script throw an error because multiple lines and no semicolon to end the statement?

I just tried it and doesn't throw a parse error. I tend to be more consistent for better readability, like indentations, curly braces, returns and so on.

It goes against what they say.

As in C or Perl, PHP requires instructions to be terminated with a semicolon at the end of each statement. The closing tag of a block of PHP code automatically implies a semicolon; you do not need to have a semicolon terminating the last line of a PHP block. The closing tag for the block will include the immediately trailing newline if one is present.

I would do it all one line.

// Define variables and initialize with empty values
$txtaddressErr = $txtmainErr = $txtsubjectErr = $txttitle2Err = $txtbusinesstitleErr = $txtaddress2Err = "";

$txtaddress = $txtmain = $txtsubject = $txttitle2 = $txtbusinesstitle = $txtaddress2 = "";

mac_gyver · October 11, 2015

it's all one statement. it doesn't matter how many lines it's on in the file.

or just use arrays for the errors and data and avoid all that typing for each different form.

gabbymiles · October 11, 2015

OK here is what I did. (sill not working bty)

1. Defined Err variables with ""';

2. Removed duplicate submit and include

3. Used escape string

4. Cleaned up indention to the best of my limited knowledge.

Below is the updated code.

Again:

1. error functions work (nothing pass if form is not properly filled out)

2. if form is filled out correctly, the email sends however database insert does not work.

3. if I remove error and email functions, database insert work.

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);



// Functions to filter user inputs
function filterName($field)
{

// Sanitize user name
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);

// Validate user name
    if(filter_var($field, FILTER_VALIDATE_REGEXP, 
	    array("options"=>array("regexp"=>"/^[a-zA-Z\s]+/")))){
            return $field;
        } else {	
            return FALSE;
            }
        }    
function filterEmail($field)
{

// Sanitize e-mail address
    $field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);

// Validate e-mail address
    if(filter_var($field, FILTER_VALIDATE_EMAIL)){
        return $field;
        } else {
            return FALSE;
            }
        }
function filterString($field)
{

// Sanitize string
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);
    if(!empty($field)){
        return $field;
        } else {
	        return FALSE;
            }
        }

// Define variables and initialize with empty values
$txtaddressErr = "";
$txtmainErr = "";
$txtsubjectErr = "";
$txttitle2Err = "";
$txtbusinesstitleErr = "";
$txtaddress2Err ="";

$txtaddress = "";
$txtmain = "";
$txtsubject = "";
$txttitle2 = "";
$txtbusinesstitle = "";
$txtaddress2 = "";

// Processing form data when form is submitted
if(isset($_POST['submit'])){
    include ("connect.php");
     
// Validate user Keywords
if(empty($_POST["txtaddress"])){
    $txtaddressErr = 'Please enter your Keywords.';
    } else {
        $txtaddress = filterName($_POST["txtaddress"]);
    if($txtaddress == FALSE){
        $txtaddressErr = 'Please enter a valid Keywords.';
    }
}
    
// Validate email address
if(empty($_POST["txtmain"])){
    $txtmainErr = 'Please enter your email address.';
    } else {
        $txtmain = filterEmail($_POST["txtmain"]);
    if($txtmain == FALSE){
        $txtmainErr = 'Please enter a valid email address.';
    }
}
       
// Validate need
if(empty($_POST["txtsubject"])){
    $txtsubjectErr = 'Please enter your need.';     
    } else {
        $txtsubject = filterString($_POST["txtsubject"]);
    if($txtsubject == FALSE){
        $txtsubjectErr = 'Please enter a need.';
    }
}
// Validate Industry
if(empty($_POST["txtaddress2"])){
    $txtaddress2Err = "Please enter an Industry";
    } else {
        $txtaddress2 = filterString($_POST["txtaddress2"]);
    if($txtaddress2 == FALSE){
        $txtaddress2Err = 'Please enter an Industry.';
    }
}

// Validate user offer
if(empty($_POST["txttitle2"])){
    $txttitle2Err = 'Please enter your offer.';     
    } else {
        $txttitle2 = filterString($_POST["txttitle2"]);
    if($txttitle2 == FALSE){
        $txttitle2Err = 'Please enter a valid offer.';
    }
}

// Validate user name
if(empty($_POST["txtbusinesstitle"])){
    $txtbusinesstitleErr = 'Please enter your name.';     
    } else {
        $txtbusinesstitle = filterString($_POST["txtbusinesstitle"]);
    if($txtbusinesstitle == FALSE){
        $txtbusinesstitleErr = 'Please enter a valid name.';
    }
}
// Check input errors before sending email
if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err)){

// Recipient email address
    $to = 'myemail@domain.org';
 
// Create email headers
$headers = 'From: '. $txtmain . "\r\n" .
           'Reply-To: '. $txtmain . "\r\n" .
           'X-Mailer: PHP/' . phpversion();

// Sending email
if(mail($to, $txtsubject, $txttitle2, $headers)){
    echo '<p class="success">Your message has been sent successfully!</p>';
$stuid = mysql_real_escape_string($_POST['txtid']);
$address = mysql_real_escape_string($_POST['txtaddress']);
$sub = mysql_real_escape_string($_POST['txtsubject']);	
$date = mysql_real_escape_string($_POST['txtdate']);
$main = mysql_real_escape_string($_POST['txtmain']);
$title2 = mysql_real_escape_string($_POST['txttitle2']);
$address2 = mysql_real_escape_string($_POST['txtaddress2']);
$agentid = mysql_real_escape_string($_POST['txtagentid']);
$businesstitle = mysql_real_escape_string($_POST['txtbusinesstitle']);
	   
$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES 
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
}
}
}
//	}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Form</title>
	<style type="text/css">
	.error{ color: red; }
	.success{ color: green; }

	</style>
</head>
<body>
<div id="">
	<table width="100%" border="0">
<?php 
$businesstitle= isset($row['businesstitle']) ? $row['businesstitle'] : ''; 
?>

<form method="post" action="">
 <tr>
<?php
//include ("connect.php");
$g = mysql_query("select max(stuid) from tbl_student");
while($id=mysql_fetch_array($g))
?>
                
	<td width="26%"> </td>
    <td width="74%"><input type="hidden" name="txtid" value="<?php echo $id[0]+1; ?>" readonly="readonly" /></td>
    </tr>
    
    <tr>
    <td><label for="txtaddress">Keywords:<sup>*</sup></label></td>
    <td><textarea cols="30px" rows="3" name="txtaddress" placeholder="Tip-Include Industry Name, Topic and City to Improve Search Standing"  /></textarea>
<span class="error"><?php echo $txtaddressErr; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtsubject2">Need:</label></td>
    <td><input type="text" name="txtsubject" id="txtsubject">
<span class="error"><?php echo $txtsubjectErr; ?></span></td>
    </tr>
    
    <tr>
    <td>Offer:<sup>*</sup></td>
    <td><textarea name="txttitle2" id="Comment" rows="5" cols="30"></textarea>
<span class="error"><?php echo $txttitle2Err; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtbusinesstitle">Your Name:</label></td>
            <td><input type="text" name="txtbusinesstitle" id="txtbusinesstitle">
            <span class="error"><?php echo $txtbusinesstitleErr; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtaddress2">Industry:</label></td>
            <td><input type="text" name="txtaddress2" id="txtaddress2" placeholder="One Industry Name"  />
            <span class="error"><?php echo $txtaddress2Err; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtmain">Email:<sup>*</sup></label></td>
            <td><input type="text" name="txtmain" id="txtmain" value="<?php echo $_SESSION['email']; ?>">
            <span class="error"><?php echo $txtmainErr; ?></span></td>
          </tr>
    
          <tr>
            <td>Register Date</td>
            <td><input type="text" name="txtdate" value="<?php echo date("d/M/Y"); ?>" readonly="readonly" /></td>
          </tr>
    
          <tr>
            <td></td>
            <td><input type="hidden" name="txtagentid" placeholder="Type Name"  />
            <input type="hidden" name="txtmember"  /></td>
          </tr>
    
          <tr>
            <td><input type="submit" name="submit"  value="Send"></td>
            <td><input type="reset" value="Reset"></td>
          </tr>
  </form>
    </table>
</div>
</body>
</html>

mac_gyver · October 11, 2015

you need to form the sql query statement in a php variable, then echo or var_dump that variable so that you know what the sql actually is. you also need to check for and handle any query errors.

note: you cannot guarantee that getting the highest id from a database table, incrementing it, and inserting it in a new row in the database table will produce unique numbers. you will eventually get a collision where two or more concurrent instances of your script are running and try to insert the same value.

gabbymiles · October 11, 2015

Thanks mac_gyver, I tried different ways to no avail. No errors. I used the same MySQL query from another working page. (just MySQL insert, not both insert and email).

Any more ideas?

benanamen · October 11, 2015

@gabbymiles,

I have some free time on my hands today. If you can provide a zip of EVERTHING I need to run it, I will look into it. That also includes an sql dump of the db including create table sql and at least a few rows of sample data.

mac_gyver · October 12, 2015

I tried different ways to no avail

you may have tried a bunch of things, but if you didn't echo out the sql query statement so that you (and us) will know what it is (which would also confirm that the code where the query is at is running) and check if the query is producing an error or not, you will never narrow down the problem and find what's causing it.

it's also possible that your code is inserting a row, but its not where you are looking for it at. that you are specifying the database name in the insert query means that the insert query could be operating on a different database than the one you think it is from the connection code.

i tried your last posted code and it did run to send the email, display the success message, and insert the row in the database table. the needed step would be for you to add code that checks if the query is failing or not and if it is failing, what the mysql error is.

gabbymiles · October 12, 2015

Thanks Benamamen,

If last resort I will, however if I could have someone review the code and point out what I'm missing. I'm happy to do the research and work. I'm just stuck at this point.

gabbymiles · October 12, 2015

ok Mac_gyver, I called the MySQL output however i'm sure it isn't correct. I coded it the best I could.

I'm getting an error. Fatal error: Call to a member function query() on a non-object in /home/unaction/public_html/partnerupby2.com/post.php on line 141

line 41 starts at if ($con->query($...

if(isset($_POST['submit'])){
include ("connect.php");

$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES
('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");

if ($con->query($i) === TRUE){
echo "Success";
} else {
echo('Error: ' . mysql_error());
}

Jacques1 · October 12, 2015

Why are you checking $con->query()? There is no $con variable anywhere in your code. Did you copy-and-paste this error check from somebody else?

At best, you'd check $i. That's your query result. If it's false, then there's an error.

gabbymiles · October 12, 2015

Jacques1, it came from my connection code.

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

$con = mysql_connect("localhost","mydb","user") or die (mysql_error());
		mysql_select_db ("mydb", $con);
		//echo "Connected";
	?>

I'll just use $I and see.

Jacques1 · October 12, 2015

$con is not an object. It doesn't have a query() method (or any other method).

gabbymiles · October 12, 2015

Jacques1, thanks you are right, I just used $I and got duplicate ID error where increment wasn't working. However Mc_gyver saw this coming so I will need to change how I approach that. Thanks Mc_gyver.

Now it is updating and emailing.

Another Issue: Error handling is working on the front end and stripping "less than" symbol from string in the email, it is passing through to MySQL.

Any ideas why error handling isn't stopping this. Again, I do realize updating to newer code would make it easier on myself and I will get to it but again, need a quick fix for the moment.

Thanks again.

Here is the updated code. (I know its ugly, but im trying)

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);



// Functions to filter user inputs
function filterName($field)
{

// Sanitize user name
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);

// Validate user name
    if(filter_var($field, FILTER_VALIDATE_REGEXP, 
	    array("options"=>array("regexp"=>"/^[a-zA-Z\s]+/")))){
            return $field;
        } else {	
            return FALSE;
            }
        }    
function filterEmail($field)
{

// Sanitize e-mail address
    $field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);

// Validate e-mail address
    if(filter_var($field, FILTER_VALIDATE_EMAIL)){
        return $field;
        } else {
            return FALSE;
            }
        }
function filterString($field)
{

// Sanitize string
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);
    if(!empty($field)){
        return $field;
        } else {
	        return FALSE;
            }
        }

// Define variables and initialize with empty values
$txtaddressErr = "";
$txtmainErr = "";
$txtsubjectErr = "";
$txttitle2Err = "";
$txtbusinesstitleErr = "";
$txtaddress2Err ="";

$txtaddress = "";
$txtmain = "";
$txtsubject = "";
$txttitle2 = "";
$txtbusinesstitle = "";
$txtaddress2 = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Processing form data when form is submitted
    include ("connect.php");
	if(isset($_POST['submit'])){

     
// Validate user Keywords
if(empty($_POST["txtaddress"])){
    $txtaddressErr = 'Please enter your Keywords.';
    } else {
        $txtaddress = filterName($_POST["txtaddress"]);
    if($txtaddress == FALSE){
        $txtaddressErr = 'Please enter a valid Keywords.';
    }
}
    
// Validate email address
if(empty($_POST["txtmain"])){
    $txtmainErr = 'Please enter your email address.';
    } else {
        $txtmain = filterEmail($_POST["txtmain"]);
    if($txtmain == FALSE){
        $txtmainErr = 'Please enter a valid email address.';
    }
}
       
// Validate need
if(empty($_POST["txtsubject"])){
    $txtsubjectErr = 'Please enter your need.';     
    } else {
        $txtsubject = filterName($_POST["txtsubject"]);
    if($txtsubject == FALSE){
        $txtsubjectErr = 'Please enter a need.';
    }
}
// Validate Industry
if(empty($_POST["txtaddress2"])){
    $txtaddress2Err = "Please enter an Industry";
    } else {
        $txtaddress2 = filterName($_POST["txtaddress2"]);
    if($txtaddress2 == FALSE){
        $txtaddress2Err = 'Please enter an Industry.';
    }
}

// Validate user offer
if(empty($_POST["txttitle2"])){
    $txttitle2Err = 'Please enter your offer.';     
    } else {
        $txttitle2 = filterName($_POST["txttitle2"]);
    if($txttitle2 == FALSE){
        $txttitle2Err = 'Please enter a valid offer.';
    }
}

// Validate user name
if(empty($_POST["txtbusinesstitle"])){
    $txtbusinesstitleErr = 'Please enter your name.';     
    } else {
        $txtbusinesstitle = filterName($_POST["txtbusinesstitle"]);
    if($txtbusinesstitle == FALSE){
        $txtbusinesstitleErr = 'Please enter a valid name.';
    }
}

$stuid = mysql_real_escape_string($_POST['txtid']);

$address=preg_replace("/[^\`a-z,. \'\-\d]/i", "", $txtaddress);
$address = mysql_real_escape_string($_POST['txtaddress']);
$sub = mysql_real_escape_string($_POST['txtsubject']);	
$date = mysql_real_escape_string($_POST['txtdate']);
$main = mysql_real_escape_string($_POST['txtmain']);
$title2 = mysql_real_escape_string($_POST['txttitle2']);
$address2 = mysql_real_escape_string($_POST['txtaddress2']);
$agentid = mysql_real_escape_string($_POST['txtagentid']);
$businesstitle = mysql_real_escape_string($_POST['txtbusinesstitle']);

 if(isset($_POST['submit'])){
       include ("connect.php");

if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err) && empty($txsubject2Err) && empty($txtaddress2Err) && empty($txtbusinesstitleErr)){

$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES 
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
 
 if ($i === TRUE){
	 echo "Success";
 } else {
            echo('Error: ' . mysql_error());
        }
 
 }
// Check input errors before sending email

if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err) && empty($txsubject2Err) && empty($txtaddress2Err) && empty($txtbusinesstitleErr)){
// Recipient email address
    $to = 'myemail@domain.org';
 
// Create email headers
$headers = 'From: '. $txtmain . "\r\n" .
           'Reply-To: '. $txtmain . "\r\n" .
           'X-Mailer: PHP/' . phpversion();

// Sending email
if(mail($to, $txtsubject, $txttitle2, $headers)){
    echo '<p class="success">Your message has been sent successfully!</p>';
}
}}
}
}

//	}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Form</title>
	<style type="text/css">
	.error{ color: red; }
	.success{ color: green; }

	</style>
</head>
<body>
<div id="">
	<table width="100%" border="0">
<?php 
$businesstitle= isset($row['businesstitle']) ? $row['businesstitle'] : ''; 
?>

<form method="post" action="">
 <tr>
<?php
include ("connect.php");
$g = mysql_query("select max(stuid) from tbl_student");
while($id=mysql_fetch_array($g))
{
?>
                
	<td width="26%"> </td>
    <td width="74%"><input type="hidden" name="txtid" value="<?php echo $id[0]+1; ?>" readonly="readonly" /></td>
    </tr>
    <?
}
?>
    <tr>
    <td><label for="txtaddress">Keywords:<sup>*</sup></label></td>
    <td><textarea cols="30px" rows="3" name="txtaddress" placeholder="Tip-Include Industry Name, Topic and City to Improve Search Standing"  /><?php echo $txtaddress; ?>
    </textarea>
<span class="error"><?php echo $txtaddressErr; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtsubject2">Need:</label></td>
    <td><input name="txtsubject" type="text" id="txtsubject" value="<?php echo $txtsubject; ?>">
<span class="error"><?php echo $txtsubjectErr; ?></span></td>
    </tr>
    
    <tr>
    <td>Offer:<sup>*</sup></td>
    <td><textarea name="txttitle2" id="Comment" rows="5" cols="30"><?php echo $txttitle2; ?></textarea>
<span class="error"><?php echo $txttitle2Err; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtbusinesstitle">Your Name:</label></td>
            <td><input name="txtbusinesstitle" type="text" id="txtbusinesstitle" value="<?php echo $txtbusinesstitle; ?>">
      <span class="error"><?php echo $txtbusinesstitleErr; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtaddress2">Industry:</label></td>
            <td><input name="txtaddress2" type="text" id="txtaddress2" value="<?php echo $txtaddress2; ?>" placeholder="One Industry Name"  />
            <span class="error"><?php echo $txtaddress2Err; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtmain">Email:<sup>*</sup></label></td>
            <td><input type="text" name="txtmain" id="txtmain" value="<?php echo $_SESSION['email']; ?>">
            <span class="error"><?php echo $txtmainErr; ?></span></td>
          </tr>
    
          <tr>
            <td>Register Date</td>
            <td><input type="text" name="txtdate" value="<?php echo date("d/M/Y"); ?>" readonly="readonly" /></td>
          </tr>
    
          <tr>
            <td></td>
            <td><input type="hidden" name="txtagentid" placeholder="Type Name"  />
            <input type="hidden" name="txtmember"  /></td>
          </tr>
    
          <tr>
            <td><input type="submit" name="submit"  value="Send"></td>
            <td><input type="reset" value="Reset"></td>
          </tr>
  </form>
    </table>
</div>
</body>
</html>

Jacques1 · October 12, 2015

You're inserting the original data instead of the filtered data.

But like you already said yourself: This code desparately needs an update. Blocking less-than signs as a “security measure” may have been acceptable in the 90s, but nowadays people are used to professional software which doesn't choke on a simple input character.

Edited October 12, 2015 by Jacques1

Sign In

Need help posting to mysql and sending email from form

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information