
I have a PHP script which is responsible for unsubscribing newsletter users. Please check below:

<?php 
    session_start();
    $without_login = 1;
    include("includes/config.inc.php");
    if(!(isset($_REQUEST['email']) && $_REQUEST['email'] != ''))
    {
        header("location:".$basehref);
        exit(0);
    }
    $meta_title = 'Unsubscribe - '.store_company_name;
    $meta_desc = '';
    $meta_keyword = '';
    include("header.php"); 
?>
<div class="content" itemscope itemtype="http://schema.org/WebPage">
        <div class="pnav" itemprop="breadcrumb"><a href="<?php echo $basehref;?>" title="Home">Home</a> &raquo; <span id="on1">Unsubscribe From Mailing List</span></div>
          <section>
          <div class="about">
            <h1 itemprop="about">Unsubscribe From Mailing List</h1>
            <hr>
            <div itemprop="description" id="static_desc">

                <form action="" method="post" name="form">
    <input type="hidden" name="unsubscribe_email" id="unsubscribe_email" value="<?php echo htmlspecialchars($_REQUEST['email'], ENT_QUOTES);?>" />
        <div class="story_left" style="min-height:200px;"><br />
        <?php
                $error = 0;
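                $to = $_REQUEST['email'];
                // Escape the decoded value before it is interpolated into the SQL below.
                $encrypt_email = mysql_real_escape_string(decode5t($to));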
                if($encrypt_email != '')
                {
                    $check_url = mysql_query("select * from tb_member where `email` = '".$encrypt_email."' and newsletter = 1");
                    if(mysql_num_rows($check_url) > 0)
                    {
                        $error = 1;
                    }
                    if($error == 0)
                    {
                        $check_url = mysql_query("select * from news_letters where `email` = '".$encrypt_email."'");
                        if(mysql_num_rows($check_url) > 0)
                        {
                            $error = 1;
                        }
                    }
                }
                if($error == 0)
                {
                    echo 'The unsubscribe link you have clicked is invalid. <br> <br /> <input type="button" onclick="window.location=\''.$basehref.'\';" value="Continue" title="Continue" style="float:left; margin-left:250px;" class="choose-btn1" name="submit" />';
                }
                else
                {
                ?>
                    Please confirm your unsubscribe request from <?php echo store_company_name;?> newsletters by clicking on the "Unsubscribe" button below to remove your email address.<br /><br />
                    <input type="button" class="ungo-btn choose-btn1" title="Unsubscribe" value="Unsubscribe" name="submit" style="float:left; margin-right:20px;" />
                    <input type="button" onclick="window.location='<?php echo $basehref;?>';" value="Cancel" title="Cancel" style="float:left;" class="choose-btn1" name="cancel" />

                <?php
                }
            ?>

</div>
</form>
            </div>
          </div>
          </section>
      <div class="clear"></div>
    </div>
<?php   
    include("footer.php");
?>

Can someone advise how to put the command into a link to start unsubscribing users? I'm using the one below, but without success.

<a href='http://www.xyz.co.uk/unsubscribe.php?email=$_REQUEST['email']'>UNSUBSCRIBE HERE</a>  
If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 10 '15 at 14:05

1 Answer

I think your script doesn't unsubscribe the user, as there is no MySQL query to update the database.

The following code indicates that the user needs to click on the submit button to process the data, which in your case is to unsubscribe the user.

<input type="button" class="ungo-btn choose-btn1" title="Unsubscribe" 
 value="Unsubscribe" name="submit" style="float:left; margin-right:20px;" />

However, even after the user clicks the submit button, I am not sure where the data is sent because the form action is "", see the following:

 <form action="" method="post" name="form">

Assuming newsletter=1 means the user is subscribed to the newsletter, the following is a simple example where the script will update the database and set newsletter=0 (unsubscribed from the newsletter):

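    $error = 0; // initialised here as in the question's script
    $to = $_REQUEST['email'];
    // Escape the decoded value before it is interpolated into the queries below.
    $encrypt_email = mysql_real_escape_string(decode5t($to));
    if($encrypt_email != '')
    {
        // Subscribed member: clear the newsletter flag.
        $check_url = mysql_query("select * from tb_member where `email` = '$encrypt_email' and newsletter = 1");
        if(mysql_num_rows($check_url) > 0)
        {
            mysql_query("UPDATE tb_member set newsletter = '0' where `email` = '$encrypt_email' and newsletter = 1");
            $error = 1;
        }
        if($error == 0)
        {
            // Not a subscribed member: look the address up in news_letters.
            $check_url = mysql_query("select * from news_letters where `email` = '$encrypt_email'");
            if(mysql_num_rows($check_url) > 0)
            {
                // Note: the match is in news_letters, but this statement updates tb_member.
                mysql_query("UPDATE tb_member set newsletter = '0' where `email` = '$encrypt_email'");
                $error = 1;
            }
        }
    }
    if($error == 0)
    {
        echo "The unsubscribe link you have clicked is invalid";
    }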
mario
gim wee
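
An added example, not code from the question or the answer: one way to build the link so that `unsubscribe.php` receives a URL-encoded address it can verify, then apply the change with a PDO prepared statement as the comment above recommends. It uses an HMAC signature in place of the page's `decode5t()` token; `UNSUB_KEY`, the `sig` parameter, the function names and the in-memory SQLite table are assumptions for illustration.

```php
<?php
// Added example: UNSUB_KEY, 'sig' and the function names are hypothetical.
const UNSUB_KEY = 'replace-with-a-long-random-secret'; // server-side secret

// Build the link for the newsletter e-mail: URL-encode the address and
// append an HMAC so the address cannot be swapped for someone else's.
function make_unsubscribe_link(string $baseUrl, string $email): string
{
    $sig = hash_hmac('sha256', $email, UNSUB_KEY);
    return $baseUrl . '?' . http_build_query(['email' => $email, 'sig' => $sig]);
}

// Constant-time check of the signature taken from the query string.
function link_is_valid(string $email, string $sig): bool
{
    return hash_equals(hash_hmac('sha256', $email, UNSUB_KEY), $sig);
}

// Set newsletter = 0 with a prepared statement; returns the rows changed.
function unsubscribe(PDO $db, string $email): int
{
    $stmt = $db->prepare(
        'UPDATE tb_member SET newsletter = 0 WHERE email = ? AND newsletter = 1'
    );
    $stmt->execute([$email]);
    return $stmt->rowCount();
}

// --- constructed demo data: in-memory SQLite stands in for the real DB ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_member (email TEXT, newsletter INTEGER)');
$db->exec("INSERT INTO tb_member VALUES ('alice@example.com', 1)");

// Sending side: escape the finished URL for the HTML attribute.
$link = make_unsubscribe_link('http://www.xyz.co.uk/unsubscribe.php', 'alice@example.com');
echo '<a href="' . htmlspecialchars($link, ENT_QUOTES) . '">UNSUBSCRIBE HERE</a>', "\n";

// Receiving side: what unsubscribe.php would do with the incoming request.
parse_str(parse_url($link, PHP_URL_QUERY), $q);
if (link_is_valid($q['email'], $q['sig'])) {
    echo unsubscribe($db, $q['email']), " row(s) updated\n";
}
// Check the same signature against a different address.
var_dump(link_is_valid('bob@example.com', $q['sig']));
```

In the real page the `UPDATE` belongs in the handler for the confirmation form's POST, so that merely loading the link does not change the subscription.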