YNWA Posted March 7, 2008 Share Posted March 7, 2008 Hi, I know how to get standard hyperlinks in PHP. But what I would like to do is this: My user registers with email address, when they add a book, there email address is recorded and when you click view books, you can see the person who entered the book via a user email cell, this is shown by using POST userEmail. What I want to do is when a user clicks on the view books page, the select the book they want to view and all the cell info is shown: From the add book SQL $sql = "INSERT INTO review (userEmail, bookTitle, author, bookDescription, price) VALUES ( '$_SESSION[user]', '$_POST[bookTitle]', '$_POST[author]', '$_POST[bookDescription]', '$_POST[price]' )"; From the view book SQL: $sql = "SELECT userEmail, bookTitle, author, bookDescription, price FROM review WHERE author = '$_POST[sel_review]'"; // Execute the SQL $result = mysql_query($sql,$conn); while ($newArray = mysql_fetch_array($result)) { $userEmail = $newArray['userEmail']; $bookTitle = $newArray['bookTitle']; $author = $newArray['author']; $bookDescription = $newArray['bookDescription']; $price = $newArray['price']; } echo " <table width=\"500\" border=\"0\"> <tr> <td width=\"128\"><strong>User Email</strong></td> <td width=\"157\">$userEmail</td> </tr> <tr> <td><strong>Book Title</strong> </td> <td>$bookTitle</td> </tr> <tr> <td><strong>Author</strong> </td> <td>$author</td> </tr> <tr> <td colspan=\"2\"><strong>Book Description</strong> </td> <td width=\"500\">$bookDescription</td> </tr> <tr> <td><strong>Sale Price</strong> </td> <td>$price</td> </tr> </table> "; echo "<form method=\"POST\" action=\"$SERVER[php_SELF]\"> <input type=\"submit\" name=\"submit\" value=\"View Another\"> </form>"; } and that all works fine, but is there a way that I can make the userEmail be displayed as a mailto: hyperlink, so users can simply click the email address and email the person who submitted that book? Cheers Will Link to comment https://forums.phpfreaks.com/topic/94876-hyperlinks-in-php/ Share on other sites More sharing options...
puritania Posted March 7, 2008 Share Posted March 7, 2008 I'm sorry, but your code is very unsafe. I don't see any error_reporting(E_ALL); at your first line. Even your form isn't safe for XSS and SQL Injections. I also don't understand where your problem is or don't you know how a mailto: link works? <a href="mailto:<?php echo $yourEmail; ?>">Mail me</a> Link to comment https://forums.phpfreaks.com/topic/94876-hyperlinks-in-php/#findComment-486037 Share on other sites More sharing options...
conker87 Posted March 7, 2008 Share Posted March 7, 2008 mysql_real_escape_string() your $_POST data. Link to comment https://forums.phpfreaks.com/topic/94876-hyperlinks-in-php/#findComment-486159 Share on other sites More sharing options...
YNWA Posted March 7, 2008 Author Share Posted March 7, 2008 Unsafe in what way? this is jus a uni project, does that matter? I know how to to HTML mailto, but does it work in the PHP form, when displaying the user who submitted the datas email address. Link to comment https://forums.phpfreaks.com/topic/94876-hyperlinks-in-php/#findComment-486163 Share on other sites More sharing options...
conker87 Posted March 7, 2008 Share Posted March 7, 2008 Well, if your magic quotes are off then anyone can waltz into your script add a DROP here, a table name there and a -- at the end and bam, no more table. Yes it will work if you use it in your script, echo outputs in html. Also, I think echo "<form method=\"POST\" action=\"$SERVER[php_SELF]\"> Should be: echo "<form method=\"POST\" action=\"". $_SERVER['PHP_SELF'] . "\"> Link to comment https://forums.phpfreaks.com/topic/94876-hyperlinks-in-php/#findComment-486167 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.