Function passing variables to email & insert, email works, insert only partial works

**wannauseit** · 10-30-2012 09:06 PM

Hello,

I have a script that partially works. The function of the script is to email the user and insert to a table from text input using $POST_ and check boxes of items using array. My problem is, the script will send all of the "check box chosen" array variable values to the email (like I want), yet only the $POST_ variables will insert to the table. I cannot get the "check box chosen" array variable values to INSERT, only the form $POST.

Since the user may choose many check boxes at a time, it sends 1 email per row, I may ask for help with a "loop" and "delete" function later, but I'll try to figure it out later. I don't want to be a burden.

Also, I do know this code has inject problems, but I would like to get the insert working (and delete from other table later) first.

Any help you can give is greatly appreciated. I have beat my head against a wall for over a week now!

Code:

function insert_wire() {

        $checkbox=$_POST['checkbox'];

        for($i=0;$i<count($checkbox);$i++){
        $del_id = $checkbox[$i];

        $differencetolocaltime=2; // Local server time offset in hours
        $new_U=date("U")-$differencetolocaltime*1810; // + to add, - to subtract
        $time = date("l F d Y @ g:i a", $new_U); 
	$job_name = $_POST['job_name'];
	
	$job_email = $_POST['job_email'];

        $p_o_number = $_POST['p_o_number'];

        $size = $row['size'];

        $conductor = $row['conductor'];

        $insulation = $row['insulation'];

        $length = $row['length'];

        // Strip \r and \n from the email address

        $job_name = stripslashes($job_name);

        $job_name = preg_replace("/\r/", "", $job_name);

        $job_name = preg_replace("/\n/", "", $job_name);

        // Remove injected headers

        $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");

        $job_name = preg_replace($find, "**bogus header removed**", $job_name);

        //$location = preg_replace($find, "**bogus header removed**", $location);

        $headers .= "From: " . $_POST["job_email"];
        $headers .= "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

	$ip = $_SERVER["REMOTE_ADDR"];

	$host = gethostbyaddr($ip);

	$subject = $_POST["job_name"] . "\nWire Addition"; // your website or chosen Subject

	$site = "http://www.mysite.com"; // submitted from
        
        // multiple recipients
        $to  = 'me@myemail.com' . ', '; // note the comma
        $to .= $_POST["job_email"];
	
	$message = '<html><body>';
	$message .= '<img src="http://www.mysite.com/logo.jpg" alt="logo" />';
        $message .= '<table rules="all" style="border-color: #000;" border="2" cellpadding="2" width="500">';
        $message .= "<tr><td colspan='2'><strong> Job Name:</strong> </td><td colspan='3'>" . $_POST['job_name'] . "</td></tr>";
        $message .= "<tr><td colspan='2'><strong>Email:</strong> </td><td colspan='3'>" . $_POST['job_email'] . "</td></tr>";
        $message .= "<tr><td colspan='2'><strong>PO#:</strong> </td><td colspan='3'>" . $_POST['p_o_number'] . "</td></tr>";
        $message .= "<tr><td colspan='2'><strong>Time of Order:</strong> </td><td colspan='3'>" . $time . "</td></tr>";

        $message .= "<tr>";
        $message .= "<td><strong>ID</strong></td>";
        $message .= "<td><strong>Size</strong></td>";
        $message .= "<td><strong>Conductor</strong></td>";
        $message .= "<td><strong>Insulation</strong></td>";
        $message .= "<td><strong>Length</strong></td>";
        $message .= "</tr>";
        $query="SELECT * FROM unclaimed WHERE id='$del_id'";
        $result=mysql_query($query) or die(mysql_error());
        $sno=1;
        while($row=mysql_fetch_array($result, MYSQL_ASSOC)){
        $message .= "<tr>";
        $message .= "<td>" . $row['id'] . "</td>";
        $message .= "<td>" . $row['size'] . "</td>";
        $message .= "<td>" . $row['conductor'] . "</td>";
        $message .= "<td>" . $row['insulation'] . "</td>";
        $message .= "<td>" . $row['length'] . "</td>";
        $message .= "</tr>";

        $sno=$sno+1;
        }

        $message .= "</table>";
        $message .= "</body></html>";

	$message2 = "Submitted from: " . $site . "\nHost: " . $host . "\nIP: " . $ip . "\nTime: " . $time . "\n\nJob Name: " . $job_name . "\n\nEmail: " . $job_email . "\n\nPO Number: " . $p_o_number;


        if ($job_name && $job_email && $p_o_number) {

		if (mail($to, $subject, $message, $headers)) {

	$sql2="select * from unclaimed where id='$del_id'";

	$result2=mysql_query($sql2) or die("select  fails");

	$no=mysql_num_rows($result2);
	


        }

        }

	if ($no > 0) {

		$sql = "insert INTO claimed (id,size,conductor,insulation,length,time,job_name,job_email,p_o_number) SELECT NULL,'$size','$conductor','$insulation','$length',now(),'$job_name','$job_email','$p_o_number' FROM unclaimed WHERE id='$del_id'";

		$result = mysql_query($sql) or die("insert fails");

		echo "<br /><h1>Wire Added</h1>";

	} else {

		echo "<br /><h1>This wire has already been added.</h1>";



	}
             }
}
echo mysql_error();
?>

**wannauseit** · 10-31-2012 05:19 AM

I'm sorry, I used the wrong tags in my previous post.

PHP Code:


function insert_wire() {



        $checkbox=$_POST['checkbox'];



        for($i=0;$i<count($checkbox);$i++){

        $del_id = $checkbox[$i];



        $differencetolocaltime=2; // Local server time offset in hours

        $new_U=date("U")-$differencetolocaltime*1810; // + to add, - to subtract

        $time = date("l F d Y @ g:i a", $new_U); 

    $job_name = $_POST['job_name'];

    

    $job_email = $_POST['job_email'];



        $p_o_number = $_POST['p_o_number'];



        $size = $row['size'];



        $conductor = $row['conductor'];



        $insulation = $row['insulation'];



        $length = $row['length'];



        // Strip \r and \n from the email address



        $job_name = stripslashes($job_name);



        $job_name = preg_replace("/\r/", "", $job_name);



        $job_name = preg_replace("/\n/", "", $job_name);



        // Remove injected headers



        $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");



        $job_name = preg_replace($find, "**bogus header removed**", $job_name);



        //$location = preg_replace($find, "**bogus header removed**", $location);



        $headers .= "From: " . $_POST["job_email"];

        $headers .= "MIME-Version: 1.0\r\n";

        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";



    $ip = $_SERVER["REMOTE_ADDR"];



    $host = gethostbyaddr($ip);



    $subject = $_POST["job_name"] . "\nWire Addition"; // your website or chosen Subject



    $site = "http://www.mysite.com"; // submitted from

        

        // multiple recipients

        $to  = 'me@myemail.com' . ', '; // note the comma

        $to .= $_POST["job_email"];

    

    $message = '<html><body>';

    $message .= '<img src="http://www.mysite.com/logo.jpg" alt="logo" />';

        $message .= '<table rules="all" style="border-color: #000;" border="2" cellpadding="2" width="500">';

        $message .= "<tr><td colspan='2'><strong> Job Name:</strong> </td><td colspan='3'>" . $_POST['job_name'] . "</td></tr>";

        $message .= "<tr><td colspan='2'><strong>Email:</strong> </td><td colspan='3'>" . $_POST['job_email'] . "</td></tr>";

        $message .= "<tr><td colspan='2'><strong>PO#:</strong> </td><td colspan='3'>" . $_POST['p_o_number'] . "</td></tr>";

        $message .= "<tr><td colspan='2'><strong>Time of Order:</strong> </td><td colspan='3'>" . $time . "</td></tr>";



        $message .= "<tr>";

        $message .= "<td><strong>ID</strong></td>";

        $message .= "<td><strong>Size</strong></td>";

        $message .= "<td><strong>Conductor</strong></td>";

        $message .= "<td><strong>Insulation</strong></td>";

        $message .= "<td><strong>Length</strong></td>";

        $message .= "</tr>";

        $query="SELECT * FROM unclaimed WHERE id='$del_id'";

        $result=mysql_query($query) or die(mysql_error());

        $sno=1;

        while($row=mysql_fetch_array($result, MYSQL_ASSOC)){

        $message .= "<tr>";

        $message .= "<td>" . $row['id'] . "</td>";

        $message .= "<td>" . $row['size'] . "</td>";

        $message .= "<td>" . $row['conductor'] . "</td>";

        $message .= "<td>" . $row['insulation'] . "</td>";

        $message .= "<td>" . $row['length'] . "</td>";

        $message .= "</tr>";



        $sno=$sno+1;

        }



        $message .= "</table>";

        $message .= "</body></html>";



    $message2 = "Submitted from: " . $site . "\nHost: " . $host . "\nIP: " . $ip . "\nTime: " . $time . "\n\nJob Name: " . $job_name . "\n\nEmail: " . $job_email . "\n\nPO Number: " . $p_o_number;





        if ($job_name && $job_email && $p_o_number) {



        if (mail($to, $subject, $message, $headers)) {



    $sql2="select * from unclaimed where id='$del_id'";



    $result2=mysql_query($sql2) or die("select  fails");



    $no=mysql_num_rows($result2);

    





        }



        }



    if ($no > 0) {



        $sql = "insert INTO claimed (id,size,conductor,insulation,length,time,job_name,job_email,p_o_number) SELECT NULL,'$size','$conductor','$insulation','$length',now(),'$job_name','$job_email','$p_o_number' FROM unclaimed WHERE id='$del_id'";



        $result = mysql_query($sql) or die("insert fails");



        echo "<br /><h1>Wire Added</h1>";



    } else {



        echo "<br /><h1>This wire has already been added.</h1>";







    }

             }

}

echo mysql_error();

?>

Thread: Function passing variables to email & insert, email works, insert only partial works

Thread Tools

Display

Function passing variables to email & insert, email works, insert only partial works

Thread Information

Users Browsing this Thread

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions