I have a webserver capable of sending emails from a gmail account. I have one page that generates a dynamic form based on an SQL query, etc. Then, I have a form to enter your email address, and it redirects to another page that says "message sent", and the code on that page sends the email. However, how do I change the contents of the email so that it was the table generated on the previous page? I don't want to recreate the whole table and set it to a variable, because I think there's a more efficient way to do it. Any help would be appreciated.

"search.php" (this page generates the table based on a query executed by a previous page)

    <html>
    <head>
    <style type="text/css">
    table {
    background-color: #C0C0C0;
    }

    th{
    width: 150px;
    text-align:center;
    border-style: solid;
    border-width: 2px;
    border-color: black;
    background-color: #008080;
    font-family: Helvetica;
    }
    td {
    border-style: solid;
    border-width: 2px;
    border-color: black;
    font-family: Helvetica;
    background-color: #FFFF00;
    text-align:center;
    }
    body {
    background-color:#1C2932;
    }

    h1 {
    font-family: Helvetica;
    font-size: 24px;
    color: #989898;
    }

    p {
    font-family: Helvetica;
    font-size: 18px;
    color: #989898;
    }

    </style>
    </head>
    <body>

    <?php
    include 'tablegen.php';

    if(isset ($_POST['term'])) {
        $x = $_POST['term'];
        connect($x);
        tableGen();
    }//end main if
    //area 52 what is going on...

    echo "<form action='email.php' method = 'post'>";
    echo "<p><b>Do you want this in an email?</b></p>";
    echo "<input type='text' name='send'>";
    echo "<input type='submit' name='submit' value='Send!' />";
    echo "</form>";

    ?>
    <br></br>
    <form method="LINK" action="landing.php">
    <input type="submit" value="Go Back!">
    </form>

    </body>
    </html>

"email.php" (this page actually sends the email)

    <html>
    <head>
    <style>
    body {
    background-color:#1C2932;
    }
    p {
    font-family: Helvetica;
    font-size: 18px;
    color: #989898;
    }

    </style>
    </head>
    <?php

    $email = $_POST['send'];

    $headers = array(
    'From: summitmathguide@gmail.com',
    'Content-Type: text/html',
    'Content-Type: text/css'
    );

    mail($email,'HTML Email','I want to send an HTML table!!!',implode("\r\n",$headers));
    echo "<p>Email Sent!</p>";
    ?>
    </html>

"tablegen.php" (Functions to display tables) -- WORKS!!!

    <?php
    function connect(){

        mysql_connect("localhost","root","water123") or die ('Error Reaching Database');
        mysql_select_db("MathGuide");

    }
    //Area  51, idk what I'm doing
    function tableGen($x) {
    $term=$x;
    $sql = mysql_query("select * from student_info where ID like '%$term%'");
    echo "<h1>STUDENT DATA for ID: $search</h1>";
    echo "<table>";
    echo "<tr>
    <th>ID</th>
    <th>Project</th>
    <th>Starter Project</th>
    <th>Course</th>
    <th>KDs Completed in your Course</th>
    <th>Projects Completed</th>
    <th>Project 1</th>
    <th>P1KD1</th>
    <th>P1KD2</th>
    <th>P1KD3</th>
    <th>P1KD4</th>
    <th>P1KD5</th>
    <th>Project 2</th>
    <th>P2KD1</th>
    <th>P2KD2</th>
    <th>P2KD3</th>
    <th>P2KD4</th>
    <th>P2KD5</th>
    <th>Project 3</th>
    <th>P3KD1</th>
    <th>P3KD2</th>
    <th>P3KD3</th>
    <th>P3KD4</th>
    <th>P3KD5</th>
    <th>Project 4</th>
    <th>P4KD1</th>
    <th>P4KD2</th>
    <th>P4KD3</th>
    <th>P4KD4</th>
    <th>P4KD5</th>
    </tr>";

    while ($row = mysql_fetch_array($sql))
    {
    echo "<tr><td>";
    echo $row['ID'];
    echo "</td><td>";
    echo $row['Project'];
    echo "</td><td>";
    echo $row['Starter Project'];
    echo "</td><td>";
    echo $row['Course'];
    echo "</td><td>";
    echo $row['KDs completed in your course'];
    echo "</td><td>";
    echo $row['Projects Completed'];
    echo "</td><td>";
    echo $row['Project 1'];
    echo "</td><td>";
    echo $row['P 1 KD 1'];
    echo "</td><td>";
    echo $row['P 1 KD 2'];
    echo "</td><td>";
    echo $row['P 1 KD 3'];
    echo "</td><td>";
    echo $row['P 1 KD 4'];
    echo "</td><td>";
    echo $row['P 1 KD 5'];
    echo "</td><td>";
    echo $row['Project 2'];
    echo "</td><td>";
    echo $row['P 2 KD 1'];
    echo "</td><td>";
    echo $row['P 2 KD 2'];
    echo "</td><td>";
    echo $row['P 2 KD 3'];
    echo "</td><td>";
    echo $row['P 2 KD 4'];
    echo "</td><td>";
    echo $row['P 2 KD 5'];
    echo "</td><td>";
    echo $row['Project 3'];
    echo "</td><td>";
    echo $row['P 3 KD 1'];
    echo "</td><td>";
    echo $row['P 3 KD 2'];
    echo "</td><td>";
    echo $row['P 3 KD 3'];
    echo "</td><td>";
    echo $row['P 3 KD 4'];
    echo "</td><td>";
    echo $row['P 3 KD 5'];
    echo "</td><td>";
    echo $row['Project 4'];
    echo "</td><td>";
    echo $row['P 4 KD 1'];
    echo "</td><td>";
    echo $row['P 4 KD 2'];
    echo "</td><td>";
    echo $row['P 4 KD 3'];
    echo "</td><td>";
    echo $row['P 4 KD 4'];
    echo "</td><td>";
    echo $row['P 4 KD 5'];
    echo "</td></tr>";
    }

    echo "</table>";
    }//end main if
Carpetfizz
  • Your mysql_query is vulnerable to SQL injection, see [this link](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) for ways to avoid it – dequis Apr 30 '13 at 01:31
  • Actually whenever you include user input you should sanitize it somehow, see [this other link](http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php/130323) since that other $term in the html is vulnerable to XSS – dequis Apr 30 '13 at 01:33
  • Thank you very much for pointing this out! I will definitely spend some time this weekend plugging up the security holes. I wasn't too worried about this when making it first, since the data is public already, and I was just making a portal to search through it faster, instead of downloading the whole spreadsheet. Is there any way I can send this table in an email? – Carpetfizz Apr 30 '13 at 01:40
  • @Carpetfizz: It looks like you didn't even try anything at all to send a table there. The short answer is: Yes it is possible. But you need to program that. You are probably looking for a way on how to parse and process HTML with PHP? – M8R-1jmw5r Apr 30 '13 at 01:45
  • You will want to use inline styles. There are mail clients that will ignore any styles (Outlook) not inline on elements (i.e. in the header). – scrappedcola Apr 30 '13 at 01:49
  • What @scrappedcola wants to say is that the support of HTML and CSS across email clients differs. Some webpages like http://www.campaignmonitor.com/css/ contain detailed information. – M8R-1jmw5r Apr 30 '13 at 01:54

1 Answer

You should move the code that generates the table to a PHP file that can be included by both. Put the code that connects to mysql, the code that does the query and the code that generates the table in different functions.

Personally I'd generate the table for the email by creating a string with a templating engine, but to keep the "echo" based code you can use ob_start, and get the contents to a variable with ob_get_clean. Then you'd send the contents of this variable in the second parameter of mail() instead of that string that reads 'HTML Email'.

Also note the security issues I pointed out in the comments.

dequis
  • If I may add a note how you can improve your answer a little: Skip that faster part. This normally is misleading and only motivates younger programmers to focus on the wrong things. – M8R-1jmw5r Apr 30 '13 at 01:47
  • Hi! Thanks for the answer, I tried splitting them up into functions, and now I am getting a blank page on "search.php". I'm new to PHP, so please forgive me for any newbie mistakes. I have updated the code for "search.php" and also added the code for "tablegen.php". – Carpetfizz Apr 30 '13 at 01:59
  • `tableGen()` isn't getting the `$sql` variable. You can either return it from `connect()`, or better, don't run the sql query inside `connect()` but at the beginning of `tableGen()` – dequis Apr 30 '13 at 02:04
  • Updated the code on tablegen.php. How will it recognize the "$term" variable though? When I enter a value into the first form, I get the whole SQL table and it doesn't search that row. I'm guessing since the "$term" variable is empty, it can't tell? – Carpetfizz Apr 30 '13 at 02:10
  • Blank page is most often a syntax error and you missed enabling error reporting and logging and then following the error log. If you do, PHP will tell you through the error log where you made a mistake. Please see the [PHP Error Reference](http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) for a more detailed description of this and other common errors. – M8R-1jmw5r Apr 30 '13 at 02:11
  • @Carpetfizz You aren't passing `$term` as parameter either :P. You pass `$x` AKA `$_POST['term']` to `connect()` but never to `tableGen()` – dequis Apr 30 '13 at 02:13
  • Thanks @M8R-1jmw5r, I forgot to mention the blank page was because of a missing semi-colon, now I am getting the contents of the whole SQL db, instead of just the ones relevant to the search term. – Carpetfizz Apr 30 '13 at 02:14
  • @Carpetfizz: Yes, you learn along the way in programming. Until the program works. Then you get a smile on the face. Until you need to change it again when you will break it again and so on and so forth. Keep it going (but please understand we can not take you on the hand with this, please do not ask for individual tutoring and training here on this website - just keep it to concrete programming questions - thank you). – M8R-1jmw5r Apr 30 '13 at 02:16
  • @M8R-1jmw5r I understand. Thank you both for your help, I will explore on my own haha. – Carpetfizz Apr 30 '13 at 02:18
  • Yes, or better: Formulate a real programming question out of a problem. If you're able to do that properly, you often already find the answer on your own (which is really great) and if not, well, you already have a good question to search for. – M8R-1jmw5r Apr 30 '13 at 02:19
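
The approach from the answer and the comments, put together as an added example that is not code from the question or the answer: the echo-based table is captured with `ob_start()`/`ob_get_clean()`, the search term is bound in a prepared statement, every value is HTML-escaped, and styles are inline. Assumptions: an in-memory SQLite table with three constructed columns stands in for the MySQL `student_info` table, the helper names `h`, `findStudents`, `renderTable` and `tableHtml` are hypothetical, and the `mail()` call is left commented out.

```php
<?php
// Constructed rows in in-memory SQLite stand in for the page's MySQL table
// (assumption: the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE student_info (ID TEXT, Project TEXT, Course TEXT)');
$pdo->exec("INSERT INTO student_info VALUES ('1001', 'Bridges', 'Algebra'),
    ('2002', '<b>Rockets</b>', 'Geometry')");

// Escape a value for HTML output so stored or submitted markup is shown as text.
function h($v): string { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); }

// Hypothetical helper: the search term is bound, never interpolated into SQL.
function findStudents(PDO $pdo, string $term): array {
    $stmt = $pdo->prepare('SELECT * FROM student_info WHERE ID LIKE ?');
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Echo-based rendering as on the page, with escaped values and inline styles.
function renderTable(array $rows, string $term): void {
    $cell = 'border:2px solid black;font-family:Helvetica;text-align:center;';
    echo '<h1>STUDENT DATA for ID: ' . h($term) . '</h1>';
    echo '<table style="background-color:#C0C0C0;"><tr>';
    foreach (['ID', 'Project', 'Course'] as $col) {
        echo '<th style="' . $cell . 'background-color:#008080;">' . h($col) . '</th>';
    }
    echo '</tr>';
    foreach ($rows as $row) {
        echo '<tr>';
        foreach ($row as $value) {
            echo '<td style="' . $cell . 'background-color:#FFFF00;">' . h($value) . '</td>';
        }
        echo '</tr>';
    }
    echo '</table>';
}

// Capture what renderTable() echoes into a string with output buffering.
function tableHtml(array $rows, string $term): string {
    ob_start();
    renderTable($rows, $term);
    return ob_get_clean();
}

// Constructed values standing in for $_POST['term'] and $_POST['send'].
$term = '00';
$to   = 'student@example.com';
// Reject malformed addresses, including ones carrying CR/LF, before mail().
if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) { exit("Invalid address\n"); }
$body    = tableHtml(findStudents($pdo, $term), $term);
$headers = "From: summitmathguide@gmail.com\r\nMIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8";
// mail($to, 'HTML Email', $body, $headers);  // message body is the third argument
echo $body, "\n";
```

On search.php the same `renderTable()` call can be echoed directly, while email.php needs the term carried over (for example in a hidden form field) so it can rerun the query and capture the result.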