0

I have this little logic that I don't get how to solve.

I have this on my database named email_list, 5 records.

Then I have this trackCode, 15 records on it.

My problem is I'm doing something like when I click the email all, it will get the email to my email_list which has 5 records, then the trackCode will send it to those emails.

I have this code:

$sql = mysql_query( "SELECT * FROM code WHERE track = '$_POST['track']' " ) or die ( mysql_error() );
$row = mysql_fetch_array( $sql );
$subject = 'You have received your code';
$message = '
Your code is '.$row['trackCode'].'

Please click here to activate your code - click here -

management
';

$header = "From: noreply@fastindexer.com \r\n";
$header .= 'Content-type: text/html' . "\r\n";

$sqlemail = mysql_query( "SELECT * FROM email_list ORDER BY rand() LIMIT 15" ) or die ( mysql_error() );
while ( $rowemail = mysql_fetch_array( $sqlemail ) ) {
  $to = $rowemail['emails'];
}
$send_contact = mail($to,$subject,$message,$header);

Can you tell me what is wrong with my code? Is it my while statement?

What I'm trying to solve is that when it sends email, it sends to those 5 emails with different trackCodes.

I think I'm lost with my process and logic.

Thanks guys

Butternut
  • 1
    BTW, you might want to check out: http://php.net/manual/en/function.mysql-real-escape-string.php, or even better: http://www.php.net/manual/en/mysqli.real-escape-string.php – snuffn Aug 26 '12 at 11:17
  • 1
    And `$to = $row['emails'];` should be `$rowemail['emails'];`. – snuffn Aug 26 '12 at 11:19
  • What's with the randomly switching between naming and formatting conventions? `email_list` and `trackCode`? `$sqlemail` and `$send_contact`? In one line of code, you'll use a single double quoted string, but in the next, you'll use a single quoted string concatenated with a double quoted string. You also don't seem to have a fixed convention for parentheses and spaces. – Lèse majesté Aug 26 '12 at 11:23

2 Answers

2

Try to change it to:

$sqlemail = mysql_query("SELECT * FROM email_list ORDER BY rand() LIMIT 15") or die ( mysql_error());

while($rowemail = mysql_fetch_assoc($sqlemail))
{
    mail($rowemail['emails'], $subject, $message, $header);
}

And this:

$sql = mysql_query("SELECT * FROM code WHERE track = '$_POST['track']'") or die (mysql_error());

should be:

$sql = mysql_query("SELECT * FROM code WHERE track = '".mysql_real_escape_string($_POST['track'])."'") or die (mysql_error());

Important:

However, it is important to point out that the use of the mysql extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used.

snuffn
  • The `mysql` extension is deprecated. You should only use `mysqli` or `pdo` at this point. – Lèse majesté Aug 26 '12 at 11:32
  • I know, that's basically what I wanted to tell him in my comment above. But I don't know which versions of PHP/MySQL he's using, so I'm not going to force him to upgrade. Even though it would be better for him to do so. – snuffn Aug 26 '12 at 11:35
  • You can't force him to do anything. But if you use `mysqli` in your code, it's at least a hint that `mysql` has been deprecated and its use is strongly discouraged. If he sees people still recommending the use of `mysql_query` and `mysql_real_escape_string`, it doesn't send the right message. – Lèse majesté Aug 26 '12 at 11:37
  • More About SQL Injection: http://stackoverflow.com/questions/11939226/sql-injections-and-adodb-library-general-php-website-security-with-examples/12123649 – Ilia Ross Aug 26 '12 at 11:53
1

Looks like you are setting the $to variable to the email id in each iteration, but never using it until after the while loop. Which means only the last email id from the results gets mailed. Try moving mail into the while loop.

while ( $rowemail = mysql_fetch_array( $sqlemail ) ) {
    $to = $rowemail['emails'];
    $send_contact = mail($to,$subject,$message,$header);
}

PS: Use a better MySQL extension (PDO or MySQLi), use better escaping, or prepared statements for data insertion. Looks like your code is for learning purposes only; in that case, always learn what's better. In case it's for production, it is very very vulnerable!

Kanwal Sarwara
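
Both answers move mail() into the loop and point to PDO or MySQLi with prepared statements. The following is an added example, not part of either answer, that combines the two so each address gets its own trackCode. The function names `pairCodesWithEmails` and `sendCodes`, the `$send` callable and the in-memory SQLite demo rows are assumptions made for illustration; table and column names are the ones in the question.

```php
<?php
// Added example. Table and column names are taken from the question; the
// $send callable and the SQLite demo rows are constructed for illustration.

function pairCodesWithEmails(PDO $db, string $track): array
{
    // Bound parameter: $track is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT trackCode FROM code WHERE track = ?');
    $stmt->execute([$track]);
    $codes = $stmt->fetchAll(PDO::FETCH_COLUMN);

    $emails = $db->query('SELECT emails FROM email_list')->fetchAll(PDO::FETCH_COLUMN);
    // Drop malformed addresses; this also rejects CR/LF that could add mail headers.
    $emails = array_values(array_filter($emails, function ($e) {
        return filter_var($e, FILTER_VALIDATE_EMAIL) !== false;
    }));

    // One distinct code per address; stop at whichever list is shorter.
    $n = min(count($emails), count($codes));
    $pairs = [];
    for ($i = 0; $i < $n; $i++) {
        $pairs[] = [$emails[$i], $codes[$i]];
    }
    return $pairs;
}

function sendCodes(array $pairs, callable $send): int
{
    $subject = 'You have received your code';
    $header  = "From: noreply@fastindexer.com\r\nContent-type: text/html\r\n";
    $sent = 0;
    foreach ($pairs as [$to, $code]) {
        // Body is built per recipient and the code is HTML-escaped.
        $message = 'Your code is ' . htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
        $sent += $send($to, $subject, $message, $header) ? 1 : 0;
    }
    return $sent;
}

// Demo on constructed data; in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE code (track TEXT, trackCode TEXT)');
$db->exec('CREATE TABLE email_list (emails TEXT)');
$db->exec("INSERT INTO code VALUES ('t1','AAA'), ('t1','BBB'), ('t2','CCC')");
$db->exec("INSERT INTO email_list VALUES ('a@example.com'), ('b@example.com'), ('not-an-address')");
$log = function ($to, $subject, $message, $header) { echo "$to: $message\n"; return true; };
echo sendCodes(pairCodesWithEmails($db, 't1'), $log), " sent\n";
```

To send real mail, pass `'mail'` as `$send` and connect `$db` to the MySQL database instead of the SQLite stand-in.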