0

Currently I have a simple PHP script(s) that accept the users email address and write it to a MySQL database. The code below is all working fine.

How can I go about adding a function to email the new subscriber a bit of information to the address they provided?

<?php
require_once 'login.php'; // database information

$db_server = mysql_connect($db_hostname, $db_username, $db_password)
    or die("Unable to connect to MySQL: " . mysql_error());

mysql_select_db($db_database)
  or die("Unable to select database: " . mysql_error());

$email = $_POST['email'];

$sql="INSERT INTO users (email)
VALUES ('$email')";

$result = mysql_query($sql);

if($result){
header('Location: ../thankyou.php');
}
else {
echo "ERROR";
}

mysql_close();
?>

Thanks!

flash1821
  • 71
  • 6
  • 2
    Not the answer but wow. Heard of sql injections? – jtheman Mar 05 '13 at 00:32
  • 3
    simple google search of 'php email' will easily give you multiple answers. look up the `mail()` function. – kennypu Mar 05 '13 at 00:33
  • I'm a total PHP noob. Can you direct me on where I need to worry about SQL injections, and what I can do to stop them? – flash1821 Mar 05 '13 at 00:44
  • 1
    http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php your own questions doesn't seem investigated at all. To stop being a noob you need to be able to search for answers on your own. Google is a way to start. – jtheman Mar 05 '13 at 00:58

1 Answers1

1

to answer your question, it should be something like this

email($new_subscribers_email_address,"topic goes here","message goes here");

btw note that you should NOT be using mysql_ , and that mysql_ will be removed from php soon. use PDO or MySQLi instead..

also note that you have a SQL Injection vulnerability here

$sql="INSERT INTO users (email) VALUES ('$email')";

solution: mysql_real_escape_string , like 

$sql="INSERT INTO users (email) VALUES ('".mysql_real_escape_string($email)."')";
hanshenrik
  • 19,904
  • 4
  • 43
  • 89