
Note: edits and narrowing down of troubleshooting are in the Edit section below.

I'm trying to set up a form so that it will pull data from a database to keep the email address of the recipient private, but something isn't set up correctly.

My error messages for not filling in required fields are not popping up. The coach_id is being passed through a link that adds in the variables in the URL:

email_form.php?f_name=Stephanie&l_name=Smith&coach_id=14001

I put "xxxxxxx" in for the login username and password because I know those are working correctly.

If I remove the // from in front of the code:

//echo "<p class=\"leftheading\">" . $row["email"] . "</p>";

I get the email address showing up on the screen, so I know the email address is being pulled correctly from the database. Is there an error elsewhere in my code that's preventing an email from being sent?

Edit: I turned on error reporting and figured out where the error is, but I don't know how to fix it because as I stated above, removing the // from in front of that code allows the correct email address to show up. I'm getting this error: "Notice: Undefined index: coach_id in /home/presbyteriancoa8/public_html/email_form.php on line 59", and this is the line causing the problem:

$strSQL = "SELECT * FROM coaches WHERE coach_id=" . $_GET["coach_id"];

which is causing this error: "Notice: Undefined variable: to in /home/presbyteriancoa8/public_html/email_form.php on line 122", and this is the line:

if (mail($to, $subject, $body, $from, $cc)) { 
                echo '<p>Your message has been sent!</p>';
            } else { 
                echo '<p>Something went wrong, go back and try again!</p>'; 
            }

Any ideas on how to correct the problem?

<?php
    echo "<h1>Email " . $_GET["f_name"] . " " . $_GET["l_name"] . "</h1>";

?>

<section class="body">
    <?php   

        // Connect to database server
        mysql_connect("localhost", "xxxxxxx", "xxxxxxx") or die ('Could not connect: ' . mysql_error ());

        // Select database
        mysql_select_db("presbyte_c") or die('Could not connect: ' . mysql_error());

        // SQL query
        $strSQL = "SELECT * FROM coaches WHERE coach_id=" . $_GET["coach_id"];

        // Execute the query (the recordset $rs contains the result)
        $rs = mysql_query($strSQL);

        // Loop the recordset $rs
        // Each row will be made into an array ($row) using mysql_fetch_array
        while($row = mysql_fetch_array($rs)) {
            //$receiveemail = $row["email"];
            //echo "<p class=\"leftheading\">" . $row["email"] . "</p>";
        }

        $name = $_POST['name'];
        $email = $_POST['sendemail'];
        $to = $row["email"];
        $message = $_POST['message'];
        $cc = $_POST['sendemail'];
        $subject = 'Presbyterian Coach Network - Coaching Contact';

        $body = "From: $name\n E-Mail: $email\n Message:\n $message";

        // define variables and set to empty values
        $name = $email = $message = "";

        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            $name = test_input($_POST["name"]);
            $email = test_input($_POST["sendemail"]);
            $message = test_input($_POST["message"]);
        }

        function test_input($data) {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            return $data;
        }

        // define variables and set to empty values
        $nameErr = $emailErr = $messageErr = "";
        $name = $email = $message = "";

        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            if (empty($_POST["name"])) {
                $nameErr = "Name is required";
            } else {
                $name = test_input($_POST["name"]);
            }

            if (empty($_POST["sendemail"])) {
                $emailErr = "Email is required";
            } else {
                $email = test_input($_POST["sendemail"]);
            }

            if (empty($_POST["message"])) {
                $messageErr = "Message is required";
            } else {
                $message = test_input($_POST["message"]);
            }
        }

        if ($_POST['submit']) {
             /* Anything that goes in here is only performed if the form is submitted */
            if (mail ($to, $subject, $message, $name, $from, $email, $cc)) { 
                echo '<p>Your message has been sent!</p>';
            } else { 
                echo '<p>Something went wrong, go back and try again!</p>'; 
            }
        }

    // Close the database connection
    mysql_close();
    ?>

    <form method="post" action="email_form.php" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

        <p class="important">*required fields</p>

        <label>Name</label><span class="important">*</span>
        <input name="name" placeholder="Name">
        <span class="error"><?php echo $nameErr;?></span>

        <label>Your Email Address</label><span class="important">*</span>
        <input name="sendemail" type="email" placeholder="email@domain.com">
        <span class="error"><?php echo $emailErr;?></span>

        <label>Message</label><span class="important">*</span>
        <textarea name="message" placeholder="Type message here"></textarea>
        <span class="error"><?php echo $messageErr;?></span>

        <label></label>
        <input id="submit" name="submit" type="submit" value="Submit">
    </form>
</section>

SWorden
  • 1
    If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 05 '15 at 18:52
  • I would be happy to switch to PDO, but I don't have time to learn it right now. I just need to get this working. I think everything is working except pulling the email address out of the database. – SWorden Jun 05 '15 at 19:04
  • 1
    Condoms are cheaper than diapers. Do you have the time to fix this when someone starts injecting? @JayBlanchard is providing a public service by calling out everyone's concatenated queries. – RightClick Jun 05 '15 at 19:10
  • @JayBlanchard - I tried your PDO code, but all I'm getting on my screen is Array(). I've gotten to the "$test = dataQuery('SELECT * FROM `test`', array('')); print_r($test);" step. – SWorden Jun 05 '15 at 20:51
  • That means your query is not retrieving anything from the database. – Jay Blanchard Jun 05 '15 at 20:52
  • @JayBlanchard - Is there a way for me to show you my code? It's too long to fit in this comment. – SWorden Jun 05 '15 at 21:17
  • Edit your original post to add any new information. – Jay Blanchard Jun 08 '15 at 11:37
  • “I would be happy to switch to PDO, but I don't have time to learn it right now.” Why did you spend your supposedly scarce time learning a long-deprecated approach _instead_? – Martin Bean Jun 15 '15 at 19:57
  • This is the first form I've designed. When I started I'd never heard of PDO. Online searches turned up variations of mysql, which I'd used before, code that people were sharing. Once I get mysql working I'll correct it to mysqli, waiting only because I'm trying to reduce the number of potential error sources. – SWorden Jun 15 '15 at 20:07
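
Added example (not from the post or from any commenter): one way to do the lookup that the prepared-statement comments point toward, with an integer check on coach_id and a bound parameter, plus validation of the sender address before it goes into a mail header. The in-memory SQLite table standing in for `coaches`, the hidden-field transport of coach_id, the function names `lookupCoachEmail` and `buildMessage`, and the example.org/example.com addresses are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite table stands in
// for the MySQL `coaches` table so this runs offline; the row is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE coaches (coach_id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO coaches VALUES (14001, 'coach@example.org')");

// Returns the coach's address, or null if the id is missing, malformed or unknown.
function lookupCoachEmail(PDO $pdo, $rawId): ?string
{
    // Integers only: a value such as "14001 OR 1=1" is rejected before any query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT email FROM coaches WHERE coach_id = :id');
    $stmt->execute([':id' => $id]);
    $email = $stmt->fetchColumn();
    return $email === false ? null : $email;
}

// Returns ['errors' => [...]] or the argument list [to, subject, body, headers] for mail().
function buildMessage(?string $to, array $post): array
{
    $name    = trim($post['name'] ?? '');
    $message = trim($post['message'] ?? '');
    // FILTER_VALIDATE_EMAIL rejects CR/LF, so the address cannot add mail headers.
    $sender  = filter_var(trim($post['sendemail'] ?? ''), FILTER_VALIDATE_EMAIL);
    $errors  = [];
    if ($to === null)      { $errors[] = 'Unknown coach'; }
    if ($name === '')      { $errors[] = 'Name is required'; }
    if ($sender === false) { $errors[] = 'Email is required'; }
    if ($message === '')   { $errors[] = 'Message is required'; }
    if ($errors) {
        return ['errors' => $errors];
    }
    $body = "From: $name\nE-Mail: $sender\nMessage:\n$message";
    return [$to, 'Presbyterian Coach Network - Coaching Contact', $body, "Reply-To: $sender"];
}

// Constructed POST data; coach_id arrives in a hidden form field (an assumption).
$post = ['coach_id' => '14001', 'name' => 'Stephanie',
         'sendemail' => 'visitor@example.com', 'message' => 'Hello'];
$result = buildMessage(lookupCoachEmail($pdo, $post['coach_id'] ?? null), $post);
// A live page would call mail(...$result) here; the example only reports.
echo isset($result['errors']) ? implode("\n", $result['errors']) : "Ready to send to {$result[0]}", "\n";
var_dump(lookupCoachEmail($pdo, '14001 OR 1=1'));
```

In the posted page the form submits to `email_form.php` with no query string, so `$_GET["coach_id"]` is absent on the POST request; carrying the id in the POST body, as assumed here, keeps it available when the form is submitted.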

0 Answers