Page 1 of 1

ID for Email

Posted: Tue Sep 18, 2012 10:44 am
by rh100
I'm trying to learn PHP on my own and I need to retrieve the max_id number from my database to include into the message area of a registration confirmation email that is automatically sent out with mailto. Please alter the code to include Max_ID number where specified below. All help is greatly appreciated. Thank you. Here is the current code...

Code: Select all

<?php
$con = mysql_connect("dbname","dbusername","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db428287159", $con);

$sql="INSERT INTO customer (terms, firstname, lastname, phone, email, notify, specialneeds, eugenetopdx, pdxtoeugene, pickupdropoff, salemtopdx, pdxtosalem, albanytopdx, pdxtoalbany, departuredate, departuretime, returndate, adults, seniorsstudents, children, luggage, paymentmethod, date_and_time, fare)
VALUES
('$_POST[terms]','$_POST[firstname]','$_POST[lastname]','$_POST[phone]','$_POST[email]','$_POST[notify]','$_POST[specialneeds]','$_POST[eugenetopdx]','$_POST[pdxtoeugene]','$_POST[pickupdropoff]','$_POST[salemtopdx]','$_POST[pdxtosalem]','$_POST[albanytopdx]','$_POST[pdxtoalbany]','$_POST[departuredate]','$_POST[departuretime]','$_POST[returndate]','$_POST[adults]','$_POST[seniorsstudents]','$_POST[children]','$_POST[luggage]','$_POST[paymentmethod]','$_POST[date_and_time]','$_POST[fare]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
mysql_close($con);

$mailto="admin@somecompany.com,$_POST[email]";
$firstname = $_REQUEST['firstname'];
$lastname = $_REQUEST['lastname'];
$phone = $_REQUEST['phone'];
$departuredate = $_REQUEST['departuredate'];
$subject = "Reservation Confirmation";
$message = "
First Name: $firstname
Last Name: $lastname
Phone: $phone\n\n
Reservation ID Number: I would like to put the database Max_ID number here.
This is to confirm your reservation for $departuredate\n Please be at your pickup location at least 10 minutes in advance.\n\n Thank you"
; $headers = "From: admin@somecompany.com\r\n" . "MIME-Version: 1.0\r\n" . "Content-type: text/plain; charset=iso-8859-1\r\n" . "X-Priority: 3\r\n" . "X-Mailer: PHP". phpversion() ."\r\n" ;
mail("$mailto" , "$subject" , "$message" , "$headers");

header('Location: payment2.html');
?>

Re: ID for Email

Posted: Tue Sep 18, 2012 1:17 pm
by Celauran
Sounds like you want mysql_insert_id. Of course, you shouldn't really be using mysql_ functions, but that's a whole other story.

Re: ID for Email

Posted: Tue Sep 18, 2012 1:41 pm
by flying_circus
To elaborate on Celauran is saying, use mysqli instead of mysql. They are both extensions that communicate with a mysql database, but the newer mysqli is an improvement upon mysql (the i in mysqli stands for improved). Discontinue the use of mysql_ and start using mysqli_.

Re: ID for Email

Posted: Tue Sep 18, 2012 5:18 pm
by Celauran
Better still, use PDO. Again, though, that does nothing to address the problem at hand.

Re: ID for Email

Posted: Tue Sep 18, 2012 8:18 pm
by califdon
There are additional issues with your code, most importantly perhaps, is security. Unless you "sanitize" the values received in the Post variables, you have no protection against "SQL injection" by malicious users, nor have you checked for empty fields or otherwise validated your input. Since you are just learning PHP, these are issues you absolutely MUST address. Here are some references you should read:
http://php.net/manual/en/filter.example ... zation.php
http://stackoverflow.com/questions/1296 ... t-with-php
http://coding.smashingmagazine.com/2011 ... nput-data/
http://php.net/manual/en/function.mysql ... string.php
http://php.net/manual/en/security.datab ... ection.php

As Celauran said, you can use the mysql_insert_id() function (he gave you the manual reference), or much better, start out right now learning to use mysqli, the improved mysql library (in which case it would just be myaqli_insert_id().). But first, I strongly recommend you give attention to the security issues.

Re: ID for Email

Posted: Tue Sep 18, 2012 8:33 pm
by rh100
Thanks for the mysqli__insert_id lead Celauran. It worked!

Signed,
Grateful