<?php
include('inc/header.php');

if(isset($_POST['submit']))
{
if ($_POST['owner'] < 1)
{
echo " You are trying to send a message to an illegal ID!";
}
elseif ($_POST['message'] = "")
{
echo " Please enter a message!";
}
else
{


Echo
" Message Sent!";


mysql_query("UPDATE `users` SET mail = mail + 1 WHERE ID = $_POST[owner]");
$query2="INSERT INTO mail(text,owner,sender,subject,time)VALUES ('$_POST[message]','$_POST[owner]', '$user->ID', '$_POST[subject]', 'now()')";
$rt=mysql_query($query2);


}
}
echo"
<form method=POST>

ID:
  <input name=owner size=12 maxlength=10 value=$_GET[iD]><br>

  Subject : <input name='subject' size=12 maxlength=25><br>

Message:<br><textarea name='message' cols=25 rows=10></textarea>


<input type=submit name=submit id=submit value=Submit>

";

include('inc/footer.php');
?>

 

This is my code for writing a simple mail.

The thing is, everything gets saved in MySQL except the message itself. Why is that?

Also: my timestamp comes out like 0000-00-00-000-00 or something. Is now() the right thing to use?

https://forums.phpfreaks.com/topic/91590-phpmysql-help/

When using a variable which is an array within a string, you should wrap it with braces {}.

Also, it is not recommended to place raw $_POST data into a query. You should at least validate and escape/secure user input before using it within a query.

https://forums.phpfreaks.com/topic/91590-phpmysql-help/#findComment-469139

For timestamp: the table is named time, field timestamp, and default 0000-00-000, etc.

Chris, that's not the problem. The thing is, when the message is sent, everything gets saved, EXCEPT for the message.

I.e. the owner, sender, subject get saved, except for timestamp and message.

And wild: could you explain what you mean?

https://forums.phpfreaks.com/topic/91590-phpmysql-help/#findComment-469141

Try this and see if anything has changed:

 

<?php
include('inc/header.php');

if(isset($_POST['submit'])){
if ($_POST['owner'] < 1)
{
	echo " You are trying to send a message to an illegal ID!";
}
elseif ($_POST['message'] == ""){
	echo " Please enter a message!";
}
else
{
	echo
	" Message Sent!";
	mysql_query("UPDATE `users` SET mail = mail + 1 WHERE ID = $_POST[owner]");
	$query2="INSERT INTO mail(text,owner,sender,subject,time)VALUES ('$_POST[message]','$_POST[owner]', '$user->ID', '$_POST[subject]', NOW())";
	$rt=mysql_query($query2);
}
}



?>

https://forums.phpfreaks.com/topic/91590-phpmysql-help/#findComment-469152

About using raw user input (from $_POST/$_GET etc.) in a query? If so, have a read up on SQL injection. If you use your script as it is, it'll be prone to SQL injections, which will allow a malicious user to perform SQL queries from your form.

https://forums.phpfreaks.com/topic/91590-phpmysql-help/#findComment-469162
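
The advice in this thread about raw $_POST data in queries, shown as an added example that is not code from any poster here: the thread's UPDATE and INSERT rewritten with PDO prepared statements, an integer check on the recipient ID, and the timestamp produced by the database instead of the quoted string 'now()'. The helper name sendMail(), the in-memory SQLite database standing in for MySQL, and the table layout are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): validates input, then writes with
// bound parameters so user text never becomes part of the SQL string.
function sendMail(PDO $db, int $senderId, array $post): string
{
    // Accept only a positive integer ID; "", "0" and "1abc" are all rejected.
    $owner = filter_var($post['owner'] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($owner === false) {
        return 'You are trying to send a message to an illegal ID!';
    }
    $message = trim((string)($post['message'] ?? ''));
    if ($message === '') {   // a comparison; "=" here would blank the message
        return 'Please enter a message!';
    }
    $subject = (string)($post['subject'] ?? '');

    // Both writes succeed or fail together.
    $db->beginTransaction();
    $db->prepare('UPDATE users SET mail = mail + 1 WHERE ID = ?')
       ->execute([$owner]);
    // CURRENT_TIMESTAMP is evaluated by the database; 'now()' in quotes is
    // only a string, which a timestamp column stores as zeros.
    $db->prepare('INSERT INTO mail (text, owner, sender, subject, time)
                  VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP)')
       ->execute([$message, $owner, $senderId, $subject]);
    $db->commit();
    return 'Message Sent!';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, mail INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE mail (text TEXT, owner INTEGER, sender INTEGER,
                              subject TEXT, time TEXT)');
$db->exec('INSERT INTO users (ID) VALUES (1), (2)');

// Apostrophes in the subject and message are stored verbatim.
echo sendMail($db, 2, ['owner' => '1', 'subject' => "it's",
                       'message' => "see you at 5 o'clock"]), "\n";
// A non-integer recipient is refused before any query runs.
echo sendMail($db, 2, ['owner' => '1abc', 'message' => 'hi']), "\n";
print_r($db->query('SELECT text, owner, sender, subject, time FROM mail')
           ->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL only the DSN passed to `new PDO(...)` changes; `CURRENT_TIMESTAMP` is valid there as well.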
