Hi,
While you're writing your script it would be a good idea to echo() out all your values to make sure that they contain the information you expect in the right format.
I've rewritten part of your script below - this might make it easier for you to see what's happening. Please note that I haven't tested any of this code so if you get any error messages please let me know:
Code: Select all
$result = mysql_query("SELECT email FROM treesurgeons WHERE postcode like '%" . $shortcode . "%' ORDER BY companyName LIMIT 3") or die(mysql_error());
$number_of_results = mysql_num_rows($result);
$results_counter = 0;
if ($number_of_results != 0) {
while ($array = mysql_fetch_array($result)) {
$email = $array['email'];
$results_counter++;
if ($results_counter >= $number_of_results) {
$to .= $email;
} else {
$to .= $email . ',';
}
}
} else {
// No results found - display some kind of message
}
You could also check and make sure your mail set-up is working properly; I normally use the following code for this purpose:
Code: Select all
$to = 'first_recipient@test.com,second_recipient@test.com';
$subject = 'Mailer Test';
$message = 'Just Testing!';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: do_not_reply@test.com' . "\r\n";
$headers .= 'Reply-To: do_not_reply@test.com' . "\r\n";
$headers .= 'X-Mailer: PHP Mailer Gateway';
mail($to, $subject, $message, $headers);
Note that this will send an HTML message - sending plaintext/HTML is a bit more complicated but I can post the code if you want it.
A couple of other points:
You should be using mysql_real_escape_string() to make sure that someone doesn't try to break your query with a misplaced single quote (') character (either deliberately or on purpose). There's lots of information about this function on this forum and the web generally but the format is:
Code: Select all
$my_safe_and_escaped_value = mysql_real_escape_string($unsafe_and_untrustworthy_form_value);
If you're going to use mysql_real_escape_string() you need to check whether magic_quotes is on or off - what this does is automatically 'escape' single quotes with a slash but doesn't offer all the capabilities that mysql_real_escape_string does. To find out whether magic_quotes is enabled, try this:
Code: Select all
if (!get_magic_quotes_gpc()) {
echo 'Magic quotes are disabled';
} else {
echo 'Magic quotes are enabled';
}
You should also sanitise the values you receive from your form to make sure they're in the correct format (e.g. integer, string, etc.), that they're the correct length and they don't contain any odd characters - there are lots of PHP functions to help you sanitise values if needed.
HTH,
Mecha Godzilla