Page 1 of 1

Select row from Mysql + Send in email -- Problems

Posted: Mon Aug 01, 2011 1:50 pm
by Reed92
I am trying to email a single row's worth the data. I receive the emails, but none of the data is sent. What am I doing wrong?

Code: Select all

if(isset($_GET['email'])){
	$sql = ("SELECT FROM xxx WHERE id='" . $_GET['email'] . "'");
	$result = mysql_query($sql);
	$row = mysql_fetch_array($result);
	echo $row['timestamp'];
	$to = "reed@xxxx.com";
	$from = $row['email'];
	$subject = "Quote Request";
	$body = "<html><body><p>" . 
  		"Time:           " 			. $row['timestamp'] 	. "<br />" . 
  		"Name:           " 			. $row['fullname'] 		. "<br />" .
  		"Company:        " 			. $row['company'] 		. "<br />" . 
  		"Phone:          " 			. $row['phonenumber'] 	. "<br />" . 
  		"Project Info:   " 			. $row['project'] 		. "<br />" . 
  		"Project City:   " 			. $row['projectcity'] 	. "<br />" . 
  		"Project State:  " 			. $row['projectstate']	. "<br />" . 
  		"Other:          " 			. $row['other']	 		. "<br />" . 
  		"Due Date:       " 			. $row['duedate'] 		. "<br />" . 
  		"Comments:       " 			. $row['comments'] 		. "<br /></p></body></html>";
	$headers = "From: " . $from . "\r\nContent-type: text/html\r\n";
	
	mail($to,$subject,$body,$headers);
}

Re: Select row from Mysql + Send in email -- Problems

Posted: Mon Aug 01, 2011 3:45 pm
by twinedev
Have you verified that the query is returning data? You have it coded with no error checking, so if the query is broken, or there were no matched rows, you are still sending the e-mail with $row not containing data.

Also make sure you protect you query from bad things a user may put in.

Try something like the following:

Code: Select all

	if(isset($_GET['email'])){
		$sql = ("SELECT FROM xxx WHERE id='" . mysql_real_escape_string($_GET['email']) . "'");
		$result = mysql_query($sql);
		if ($result && mysql_num_rows($result)>0) {
			$row = mysql_fetch_array($result);
			echo $row['timestamp'];
			$to = "reed@xxxx.com";
			$from = $row['email'];
			$subject = "Quote Request";
			$body = "<html><body><p>" .
			"Time:           "  . $row['timestamp']    . "<br />" .
			"Name:           "  . $row['fullname']     . "<br />" .
			"Company:        "  . $row['company']      . "<br />" .
			"Phone:          "  . $row['phonenumber']  . "<br />" .
			"Project Info:   "  . $row['project']      . "<br />" .
			"Project City:   "  . $row['projectcity']  . "<br />" .
			"Project State:  "  . $row['projectstate'] . "<br />" .
			"Other:          "  . $row['other']        . "<br />" .
			"Due Date:       "  . $row['duedate']      . "<br />" .
			"Comments:       "  . $row['comments']     . "<br /></p></body></html>";
			$headers = "From: " . $from . "\r\nContent-type: text/html\r\n";

			mail($to,$subject,$body,$headers);
		}
		else {
			echo "No records found with that e-mail address!\n";
		}
	}