PHP code help

system · December 26, 2014, 2:50pm

Dreamweaver generated this code as an Insert for a mysql database. My question is: can I insert a mail() function inside this code to generate an acknowledgment email to the email address entered into the form simultaneously (or, can i reuse the emailAddress variable in this code?)

if ((isset($_POST[“MM_insert”])) && ($_POST[“MM_insert”] == “form1”)) {
$insertSQL = sprintf(“INSERT INTO testID (firstName, lastName, emailAddress, phone, date) VALUES (%s, %s, %s, %s, now())”,

GetSQLValueString($_POST[‘firstName’], “text”),
GetSQLValueString($_POST[‘lastName’], “text”),
GetSQLValueString($_POST[‘emailAddress’], “text”),
GetSQLValueString($_POST[‘phone’], “text”),
GetSQLValueString($_POST[‘date’], “date”));

mysql_select_db($database_iPage, $iPage);
$Result1 = mysql_query($insertSQL, $iPage) or die(mysql_error());
}

JimL · December 26, 2014, 6:19pm

Sure you can! Just make sure to add the code inside the if-block, and use the $_POST[‘emailAddress’] variable.

benanamen · December 26, 2014, 8:10pm

Stop using that Dreamweaver code. It is obsolete. You need to use PDO or mysqli.

Strider64 · December 26, 2014, 8:22pm

I think Dreamweaver code is beyond obsolete… :o ;D

TonyTheRed · December 26, 2014, 9:44pm

Thanks for the help guys! It works perfectly.
I have no experience in PHP whatsoever, and no real coding experience since college, a long time ago. (ColdFusion, if that dates it) I do recognize that the Dreamweaver code looks clunky, though. This is a serendipitous project using my newfound SQL skills, so the PHP coding is limited to what I can learn on the fly.

One additional thought. I have limited the email column to be unique, and get this if i try to make a duplicate entry: "Duplicate entry ‘[email protected]’ for key ‘PRIMARY’
Is there any way to make the error notification any more explicit, or even have it display on the form page rather than a new blank one?

Tony Hendrix

benanamen · December 26, 2014, 9:56pm

You need to first query the data base to see if that email already exists before you even get to the error stage. Then if it does exist you can handle it however you want.

JimL · December 26, 2014, 10:13pm

What Kevin said is the correct way to do this. Just wanted to break this down

[php]$Result1 = mysql_query($insertSQL, $iPage) or die(mysql_error());[/php]

Here you say the variable $Result1 should get the result of the mysql_query function, or the script should die echoing the mysql_error()

Killing the script and showing the error is not very user friendly. If you just change it to this

[php]$Result1 = mysql_query($insertSQL, $iPage) or die(mysql_error());

if (!mysql_query($insertSQL, $iPage)) {
echo 'Error: ’ . mysql_error($iPage);
}[/php]

You will get the error echoed out but the script wont die.

So why is Kevins method better? Because you do not want raw errors shown to the user (the users want a pretty error message). You would usually do this

if email already exist show pretty error message else if the query is not ok (like above) show generic "shoot. something wrong happened! please try again" message

TonyTheRed · December 26, 2014, 10:34pm

First things first: I have a decent grasp of programming concepts, but all I know about php syntax i learned today.
In the modified code below, i assume that the place i chose to insert the mail function is causing it to execute even if the insert fails. is there a better place to insert it?

[php]$editFormAction = $_SERVER[‘PHP_SELF’];
if (isset($_SERVER[‘QUERY_STRING’])) {
$editFormAction .= “?” . htmlentities($_SERVER[‘QUERY_STRING’]);
}

if ((isset($_POST[“MM_insert”])) && ($_POST[“MM_insert”] == “form1”)) {
$insertSQL = sprintf(“INSERT INTO regData (firstName, lastName, position, creditUnion, emailAddress, officeNumber, cellNumber, regDate) VALUES (%s, %s, %s, %s, %s, %s, %s, Now())”,
GetSQLValueString($_POST[‘firstName’], “text”),
GetSQLValueString($_POST[‘lastName’], “text”),
GetSQLValueString($_POST[‘position’], “text”),
GetSQLValueString($_POST[‘creditUnion’], “text”),
GetSQLValueString($_POST[‘emailAddress’], “text”),
GetSQLValueString($_POST[‘officeNumber’], “text”),
GetSQLValueString($_POST[‘cellNumber’], “text”),
GetSQLValueString($_POST[‘regDate’], “date”));

$to = $_POST[‘emailAddress’];
$subject = “SSUG registration confirmation”;
$txt = “body here”;
$headers = “From: Tony Hendrix [email protected]”;

mail($to,$subject,$txt,$headers);

mysql_select_db($database_ssug, $ssug);
$Result1 = mysql_query($insertSQL, $ssug) or die(mysql_error());

$insertGoTo = “SSUG2015land.html”;
if (isset($_SERVER[‘QUERY_STRING’])) {
$insertGoTo .= (strpos($insertGoTo, ‘?’)) ? “&” : “?”;
$insertGoTo .= $_SERVER[‘QUERY_STRING’];
}
header(sprintf(“Location: %s”, $insertGoTo));
}[/php]

benanamen · December 27, 2014, 1:28am

You will go a lot farther a lot faster if you just take a little time to study some basic PHP tutorials.

Topcoder · December 27, 2014, 1:31am

You can also do an INSERT IGNORE - If a duplicate key is found, it will just ignore the insert statement and keep processing. But if really depends on your needs, if you need to show that a duplicate already exists I would follow JimL and Kevin’s Example.

[php] $insertSQL = sprintf(“INSERT IGNORE INTO regData (firstName, lastName, position, creditUnion, emailAddress, officeNumber, cellNumber, regDate) VALUES (%s, %s, %s, %s, %s, %s, %s, Now())”,
GetSQLValueString($_POST[‘firstName’], “text”),
GetSQLValueString($_POST[‘lastName’], “text”),
GetSQLValueString($_POST[‘position’], “text”),
GetSQLValueString($_POST[‘creditUnion’], “text”),
GetSQLValueString($_POST[‘emailAddress’], “text”),
GetSQLValueString($_POST[‘officeNumber’], “text”),
GetSQLValueString($_POST[‘cellNumber’], “text”),
GetSQLValueString($_POST[‘regDate’], “date”));[/php]

Topcoder · December 27, 2014, 6:05pm

[member=46186]Kevin Rubio[/member]

It won’t overwrite any data, it will ignore the insert statement and the original data will still be in the database and it will just resend the original confirmation email.

It appears, that’s all he’s using it for is just to have a person sign up for a newsletter or something. It doesn’t have any password, so their is no log in information.

Strider64 · December 27, 2014, 7:03pm

My opinion if the OP is just using this for a newsletter for example, then just having the person sign up with their email (maybe first & last name) would be sufficient in my opinion. Most people are even leery of given out their email address and I know some people that give out a spam email address (I know I do ). They definitely won’t give out any kind of credit union information (I know I wouldn’t :o). I agree with Topcoder unless information being ask is sensitive in nature, for people don’t want to have that bouncing around the internet. It’s bad enough that big corporations lately have been exposed to security issues and once you lost the trust of of the public then it’s hard to get them back. Specially if you are a small minnow (website) in the ocean (the internet). Just my opinion.

benanamen · December 27, 2014, 7:40pm

[member=69011]Topcoder[/member] , your right, confused it with ON DUPLICATE KEY UPDATE. Too many Christmas eggnogs.