Creating Invite Code to send to Database

Question

I am trying to create a random 10 length string made of letters and numbers for the variable inviteCode, then send the inviteCode variable to the database, it seems the php code doesn't create the 10 digit code for it to be sent, or it does but doesn't get sent. I have been successful sending the email however.

It is for a referral invite system.

Invite.php

php:

<?php
  if(isset($_POST['submit'])){
  $email = $_POST['email']; }

$length = 10;
$inviteCode = "";
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
for ($p = 0; $p < $length; $p++) {
$inviteCode .= $characters[mt_rand(10, strlen($characters))];
}  
?>

HTML:

 <form action="save.php" method="POST">  
       <div class="form-email">
         <input type="text" placeholder="Email" name="email" />
         </div>
         <div class="submit3">
           <input type="submit" value="Invite" name="Login" />
         </div>
  </form>

save.php:

  $email = $_POST['email']; //Gets email from form
   mysql_query("INSERT INTO referrals (email, inviteCode) 
     Values ('$email', '$inviteCode') ")

Also after the information is successfully sent to the database how can I then redirect the user back to invite.php from save.php ?

I am new to php so any feedback, comments or help is much appreciated, thanks (Y)

[**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). — esqew, Jul 23 '14 at 16:34
@esqew I have not created the mailing code yet, as I thought I should send the inviteCode and Email variables to the database - to then create the mailing code from them (which should use that inviteCode at the end of the URL so only those invited can access the register page). — JSK, Jul 23 '14 at 16:43

score 6 · Accepted Answer · edited May 23 '17 at 11:52

It's because of this

if(isset($_POST['submit'])){

your submit button is called/named Login and not submit

<input type="submit" value="Invite" name="Login" />

and the conditional statement as well as everything inside it, failed because of it.

Therefore, $email = $_POST['email']; will not be passed on as the value.

change it to

if(isset($_POST['Login'])){

Add error reporting to the top of your file(s) right after your opening <?php tag:

error_reporting(E_ALL);
ini_set('display_errors', 1);

which would have signaled any errors found.

"how can I then redirect the user back to invite.php from save.php"

Add a header():

I.e.:

header("Location: http://www.yoursite.com/invite.php");
  exit;

and make sure you're not outputting before it.

See this article on SO, should that happen:

How to fix "Headers already sent" error in PHP

On an added note, when a user will be redirected to invite.php or initially visits your page, your code generator will execute, therefore it may be best to wrap everything inside the submit button's conditional statement.

For example:

if(isset($_POST['Login'])){

    $email = $_POST['email']; 

$length = 10;
$inviteCode = "";
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
    for ($p = 0; $p < $length; $p++) {
$inviteCode .= $characters[mt_rand(10, strlen($characters))];
    }

} // end brace for if(isset($_POST['Login']))

that would be up to you to decide if that's the way you wish your code to run as.

Edit:

I'm having trouble understanding how/why you're using three pages for all this.

You could set it up this way instead (HTML form, then PHP):

<?php
  if(isset($_POST['Login'])){
  $email = $_POST['email']; 

$length = 10;
$inviteCode = "";
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
for ($p = 0; $p < $length; $p++) {
$inviteCode .= $characters[mt_rand(10, strlen($characters))];
    }

// execute SQL codes here

  // if query is successful, redirect
  // i.e.
  // if($query){ header("Location: http://www.yoursite.com/invite.php"); exit; }

} // end brace for if(isset($_POST['Login']))
?>

mysqli_ method example:

Nota: Make sure inviteCode is the actual column name and not invitecode. They are case-sensitive.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$DB_HOST = "xxx"; // replace
$DB_NAME = "xxx"; // replace
$DB_USER = "xxx"; // replace
$DB_PASS = "xxx"; // replace

$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
  die('Connection failed [' . $conn->connect_error . ']');
}

if(isset($_POST['Login'])){

$email = mysqli_real_escape_string($conn,$_POST['email']);

$length = 10;
$inviteCode = "";
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
for ($p = 0; $p < $length; $p++) {
$inviteCode .= $characters[mt_rand(10, strlen($characters))];
    }

$query = mysqli_query($conn, "INSERT INTO `referrals` (`email`, `inviteCode`) 
     VALUES ('$email', '$inviteCode') ");

if($query){
echo "Success";
// or redirect with header, but remove the echo above if using header
}

else{
// echo "Sorry";

 die('Error querying database. ' . mysqli_error($conn));
   }
} // end brace for if(isset($_POST['Login']))

I'm starting to wonder if OP posted his full, actual code here. He's got mis-matching curly braces in his example. Because of that, I'm starting to think that this may be a variable scope issue. — esqew, Jul 23 '14 at 16:38
@esqew I tested OP's character creation code and it worked fine. I'm on 5.4.12 — Funk Forty Niner, Jul 23 '14 at 16:40
Thank you for your time, but I am receiving an error in save.php 'undefined variable inviteCode in save.php'. I thought I had already created the variable in invite.php, maybe save.php is not receiving the inviteCode variable from invite.php. — JSK, Jul 23 '14 at 17:12
@JSK You're welcome. I've edited my answer, see under **Edit**, which may answer the issue. See the commented comment `// execute SQL codes here` — Funk Forty Niner, Jul 23 '14 at 17:13
@JSK I'm also thinking that the error you received, may be SQL related. Make sure your column is indeed called `inviteCode` and not `invitecode` with a lowercase `c`. — Funk Forty Niner, Jul 23 '14 at 17:14
@JSK Plus, the PHP/SQL code in my answer should be taken from the form action `
` either `save.php` or `invite.php` - `
` and that will take care of everything in one go. Depending on the filename you chose to give it/use. — Funk Forty Niner, Jul 23 '14 at 17:17
@JSK I've made another edit with SQL code example, using `mysqli_` instead. Just change the `xxx` to your own credentials. Look under **`mysqli_` method example:** - it works, I've tried it. — Funk Forty Niner, Jul 23 '14 at 17:41
inviteCode was the same in the table. And it is working now, using two files was creating more problems than solving. Thank you for your time and effort ! (Y) — JSK, Jul 23 '14 at 18:14

dAngelov · Answer 2 · 2014-07-23T16:40:00.610

Your code is working fine, except for a possible index out of range problem.

$inviteCode .= $characters[mt_rand(10, strlen($characters))];

in the above code, you need to add -1 after the strlen() function as indexes in arrays and strings start from 0. Like this:

$inviteCode .= $characters[mt_rand(10, strlen($characters)-1)];

Try the fix and see if that works. As for redirecting, use the header() function in PHP:

header('Location: http://127.0.0.1/invite.php');
exit;

Make sure you are not sending any output before this though.

Creating Invite Code to send to Database

2 Answers2