Page 1 of 1

Help with form and database question

Posted: Mon Dec 15, 2008 4:01 pm
by jmg
I'm a newbie and would greatly appreciate some help with php. I have access to php and a mysql database. I would like to add a form to my site that allows people to find out employee email addresses.

So far I created a simple database with three fields: id, name and email address. I've added four records (friend's names and email addresses) for testing purposes.

I also created a simple form that has a text box and "submit" button. What I would like to see happen is a name is added to the text field and the result returns with their email address.

Am I on the right path? What kind of php should I be using to query this information?

Thanks again.

Re: Help with form and database question

Posted: Mon Dec 15, 2008 4:13 pm
by jaoudestudios
Yes you are on the right track. A simple query will return the right result.

What code & query do you have so far?

Re: Help with form and database question

Posted: Mon Dec 15, 2008 4:30 pm
by cavemaneca
Mainly, you are on the wrong path from the start. You should never use a form that gives out email addresses. Some bot could find it then start spamming everyone on the list. The best thing to do in this case, is to set up a way to email a request email account, and from there you can send an email to the requester once you have verified that they have a good reason to ask for it and can't find it out any other way.

But since you will probably just ignore that, try this.

Code: Select all

<?php
if (!isset($_POST['name']) || !isset($_POST['email'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  Employee Name: <input type="text" name="name">
  Send To Email: <input type="text" name="email"><br>
  <input type="submit">
</form>
<?php
}
else {
// vars from post
$name = $_POST['name'];
$email = $_POST['email'];
 
// Connect to database
/* Database code blah blah blah */
 
$sql = "SELECT * FROM `employee_info` WHERE `name` = '".$name."'";
$result = mysql_query($sql) or die ("Error in query: $sql. ".mysql_error()); 
 
if($row = mysql_fetch_assoc($result)) { 
  /* Send e-mail */
  $headers="From: noreply@example.com\n";
  $headers.="Reply-to: noreply@example.com\n";
  @mail($email,'Order Received',$row['email'],$headers);
}
else {
  echo 'Incorrect Employee Name!';
}
 
}
?>
I didn't work to hard on it and I left at least one place where you still need to add code. And I'm not sure if it will work. But If you still want to do this it's at least something to start you off in the direction you want to go. Pretty much, It checks to see if an employee by that name even exists, then it sends a message to the person requesting it containing the email address.

NOTE: This is not a secure script at all. You should have something anyway to stop bots from using it, and it is still open to sql insertion.