Adding a news item and updating members

Beginners - Learning PHP
#1

I use the following code to add a news item to a club website (all works fine). However, I would like to add to the code so I can email all club members about the update (same database different table). I have tried several ways but just can’t get it to work. Any advice appreciated.

<?php
$date=$_POST['date'];
$time=$_POST['time'];
$subject=$_POST['subject'];
$category=$_POST['category'];
$article = addslashes($_POST['content']);
$source=$_POST['source'];
// Create & Check Connection //
include("connect.php");
// Insert News Item //
$sql = "INSERT INTO news (date, time, subject, category, article, source)
VALUES ( '$date',  '$time', '$subject', '$category', '$article', '$source')";
// Redirect //
if ($conn->query($sql) === true) {
echo "";
header("Refresh: 2;url=add-news.php");
echo "<div style='text-align:center;margin-top:50px;font:Arial;'>";
echo "<p>New NEWS ITEM created successfully.</p>";
echo "<p>You will be redirected back to the Entry Page in 2 seconds.<br></p>";
echo "<p>If you are not redirected yet, <a href='add-news.php'>click here</a></p></div>.";}
else { echo "Error: " . $sql . "<br>" . $conn->error; };
 $conn->close();
 ?>
#2

Welcome to our site! Glad you could join us!

Well, this code needs some important changes to make it safe. First up, you do not protect your database from hackers. The user can enter codes that can erase your entire database with the code you have posted. You need to filter out programming codes from your inputs. For example, $subject=$_POST[“subject”]; should be something like $subject=filter_input(INPUT_POST, “subject”); This is the least you can do to protect your database from false entries by hackers.

Next, you should learn how to use PREPARED-STATEMENTS. Basically, these will protect all inputs from your users when saving them into your database. It is important nowadays to protect your data at all times.

What is this for? Are you trying to post to the same page or to another page. Either way, this will not work. Normally, you post back to the same page and once the data is updated, you redirect to a “registration successful” type of page. To redirect you use header(“Location: somepage.php”); But, your code is attempting to refresh a page and that does not make sense.

#3

Thanks for you tips - I’m just a beginner and I didn’t even think about hackers. Just wanted it to work. I’ll implement your suggestions.
The 2 sec refresh works fine and is to give confidence to a non technical user ie. the news item was added successfully.
I would still like to inform club members by email that a new news item has been added.
Thank you

#4

Well, for a simple members site, you would use all of these displays and emails in just one file.
Loosely you would implement it in one file that posts to itself and handles all the buttons, something like:

< ?PHP
Your php routines to handle all of the buttons on your form…
? >
< html> all of your webpage here
< form action="" method=“POST”>
Your fome here with any buttons.
< /form>
< / html>
So, your entire processing of everything that has to do with registration would be on one page.
And, if they successfully registered, it would be displayed instead of the form itself. You can have it
redirected to a new form that says welcome-to-our-site or something by changing the action="" to the page you want to handle the posted data. Just as easy to do it in one page.

Sending emails is also quite easy to do. But, the email might need to have a real email address to be able to send it out. You can use your own while testing and once on a live server, it would use the server’s email address for returns.

Hope this helps…

#5

Hi again
I think you misunderstood me
The club has a membership database with email addresses. When a news item is added to the website, I want to email all members to tell them there is a new news item.
So at the end of the current php script I want to add some code to send everyone an email.
You can see the news item on the home page here >> https://taunton-fitness.uk

#6

Well, let’s say you want to send out emails to 50 people. The best email is HTML so that it looks “pretty”!
To do this, you would look thru your membership list and send one email at a time for all of them. The reason why you send one at a time is to keep the recieving end from marking it as SPAM. You do not want to send 50 CC’s or BCC’s as that is considered SPAM. Here is a simple example. It contains a table so you can just see how HTML works with items like tables. Of course, you would want to add some fancy images and other things to beef it up some…

<?php 
$results=$conn->query("SELECT * FROM users_table");
while($row=$results->fetch()) (
$to = $row["email"];
$subject = "Your HTML email SUBJECT";

$message = "
<html>
<head>
<title>HTML email</title>
</head>
<body>
<p>This email contains HTML Tags!</p>
<table>
<tr>
<th>Firstname</th>
<th>Lastname</th>
</tr>
<tr>
<td>".$row["first_name"]."</td>
<td>".$row["last_name"]</td>
</tr>
</table>
</body>
</html>
";

// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";

// More headers
$headers .= 'From: <[email protected]>' . "\r\n";

mail($to,$subject,$message,$headers);
}
?>

This is not tested, just a quick sampler on how to do it. You do not need to personalize the email with their name embedded if you just want a notice sent. And, if so, you do not need to rebuild the message for each email. But, I find that making it a little personal often makes it better… Hope this is what you need!

Sponsor our Newsletter | Privacy Policy | Terms of Service