I created a form that has 3 inputs (name, email, phone number), but only the email field is not optional. When I fill in the email field with my Yahoo email address, it redirects to yahoo.com!!! I'm using 'GET' to send the data!

    $sql = "INSERT INTO $prefix"."buy_info (ip,email,name,phone,link,cost,expire,discode,product,buy_id,zarin_code,ok,date) VALUES ('" . $ip . "','" . $_GET['email'] . "','" . $_GET['name'] . "','" . $_GET['phone'] . "','" . $_SESSION['url'] . "','" . $_SESSION['h_cost'] . "','" . $expire_time . "','" . $discode . "','" . $_SESSION['title'] . "','" . $buy_id . "','N','" . "1" . "','" . date("Y/m/d") . "')";
    $act = mysql_query($sql) or die(mysql_error());

    $_SESSION['buy_id'] = $buy_id;
    $_SESSION['email'] = $_GET['email'];
    $_SESSION['h_cost'] = $_GET['h_cost'];

And my HTML form:

    <form style="display: block" action="" id="pay_form" method="get">
        <input type="text" name="discode" id="discode" class="discode_input" placeholder="کد تخفیف" />
        <input type="button" name="discode_do" id="discode_do" class="discode_do" value="استفاده" /><img class="dd_w" src="img/w8.gif" alt="w8" />
        <div class="total-cost">مبلغ قابل پرداخت : <i id="mqp" style="font-style: normal"><?php echo $_SESSION['h_cost'] ?></i> ت</div>
        <input name="name" placeholder="نام کامل" type="text" /><div class="cls"></div>
        <input name="email" id="email" placeholder="آدرس ایمیل*" type="email" /><div class="cls"></div>
        <input name="phone" style="    position: relative;top: 4px;" placeholder="شماره تماس" type="text" />
        <input type="submit" name="pay" class="pay" value="پرداخت">
    </form>

Komeil Tl
  • 2
    Post also your form with the inputs – Rafael Shkembi Dec 14 '16 at 08:12
  • I didn't understand! – Komeil Tl Dec 14 '16 at 08:13
  • 2
    The code above inserts the values on the db. It has nothing to do with the redirect. We have to see your form – Rafael Shkembi Dec 14 '16 at 08:14
  • If I understood your question, you want to redirect right after the form processing (SQL insertion and session definition). I think I solved this in my answer – Alexandre Dec 14 '16 at 08:42
  • 1
    Please be clear with your question – Shobi Dec 14 '16 at 08:47
  • 3
    If you're writing new code, **_please_ don't use the `mysql_*` functions**. They are old and broken, were deprecated in PHP 5.5 (which is so old it no longer even receives security updates), and completely removed in PHP 7. Use [`PDO`](https://secure.php.net/manual/en/book.pdo.php) or [`mysqli_*`](https://secure.php.net/manual/en/book.mysqli.php) with _prepared statements_ and _parameter binding_ instead. See http://stackoverflow.com/q/12859942/354577 for details. – ChrisGPT was on strike Dec 14 '16 at 09:01
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Dec 16 '16 at 07:02
  • The code you've provided won't cause the problem you describe. You need to supply a [mcve]. (And if that code alone does demonstrate the problem … then most likely the problem is malware on your workstation and not the code) – Quentin Dec 16 '16 at 07:03
  • You say my code is OK? – Komeil Tl Dec 16 '16 at 07:08
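
The prepared-statement approach the comments above recommend, applied to the `buy_info` insert, as an added example that is not part of the original thread. The helper `insertBuyInfo()`, the shortened column list, the sample values and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example, not the asker's code. Assumptions: an in-memory SQLite
// database stands in for MySQL so the script runs offline; insertBuyInfo()
// and the shortened column list are hypothetical.

function insertBuyInfo(PDO $pdo, string $prefix, array $row): void
{
    // Identifiers cannot be bound, so the table prefix is checked against
    // a fixed character set before it is interpolated.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
        throw new InvalidArgumentException('bad table prefix');
    }
    // The form marks email as its only required field.
    if (filter_var($row['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $stmt = $pdo->prepare(
        "INSERT INTO {$prefix}buy_info (ip, email, name, phone, cost, buy_id, date)
         VALUES (:ip, :email, :name, :phone, :cost, :buy_id, :date)"
    );
    // Values are sent separately from the SQL text, so a quote stays data.
    $stmt->execute([
        ':ip'     => $row['ip'],
        ':email'  => $row['email'],
        ':name'   => $row['name'] ?? '',
        ':phone'  => $row['phone'] ?? '',
        ':cost'   => $row['cost'],
        ':buy_id' => $row['buy_id'],
        ':date'   => date('Y/m/d'),
    ]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mby_buy_info
    (ip TEXT, email TEXT, name TEXT, phone TEXT, cost TEXT, buy_id TEXT, date TEXT)');

// Constructed request data standing in for $_GET; the name contains a quote
// that would have terminated the string literal in the concatenated query.
$get = ['email' => 'user@example.com', 'name' => "O'Brien', 'x", 'phone' => '09120000000'];

insertBuyInfo($pdo, 'mby_', $get + ['ip' => '203.0.113.7', 'cost' => '1000', 'buy_id' => '1481700000']);

$stored = $pdo->query('SELECT name FROM mby_buy_info')->fetchColumn();
echo $stored === $get['name'] ? "stored verbatim\n" : "mismatch\n";
```

Against MySQL only the DSN changes (a `mysql:` DSN with `charset=utf8mb4`); the prepared statement and its bindings stay the same.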

3 Answers

Redirect by using

    header('Location: https://yahoo.com');

if successful, like this:

    $sql = "INSERT INTO $prefix"."buy_info (ip,email,name,phone,link,cost,expire,discode,product,buy_id,zarin_code,ok,date) VALUES ('" . $ip . "','" . $_GET['email'] . "','" . $_GET['name'] . "','" . $_GET['phone'] . "','" . $_SESSION['url'] . "','" . $_SESSION['h_cost'] . "','" . $expire_time . "','" . $discode . "','" . $_SESSION['title'] . "','" . $buy_id . "','N','" . "1" . "','" . date("Y/m/d") . "')";
    $act = mysql_query($sql) or die(mysql_error());

    if($act){
        header('Location: https://yahoo.com');
        exit; // stop the script once the redirect header is sent
    }

Sachin Sanchaniya

This is my whole code:

<html>

<?php
session_start();

if (empty($_SESSION['h_cost'])) {$_SESSION['h_cost'] = $_SESSION['cost'];}

if (isset($_SESSION['cost']) and $_SESSION['cost'] != '') {

require("system/config.php");

$ip = GetRealIp();

if (isset($_GET['pay'])) {

$expire_time = time() + 259200;
$discode = '';
$now = time();
$buy_id = "$now";

for ($n=0;$n<20;$n++) {
    $buy_id .= rand(1,9);
}

if (intval($_SESSION['h_cost']) < 100) {
$sql = "INSERT INTO $prefix"."buy_info (ip,email,name,phone,link,cost,expire,discode,product,buy_id,zarin_code,ok,date) VALUES ('" . $ip . "','" . $_GET['email'] . "','" . $_GET['name'] . "','" . $_GET['phone'] . "','" . $_SESSION['url'] . "','" . $_SESSION['h_cost'] . "','" . $expire_time . "','" . $discode . "','" . $_SESSION['title'] . "','" . $buy_id . "','N','" . "1" . "','" . date("Y/m/d") . "')";
$act = mysql_query($sql) or die(mysql_error());

// Remote Connect

mysql_close();

define("re_adress","***");
define("re_username","***");
define("re_password","***");
define("re_db_name","***");

$prefix = "mby_";

$con=mysql_connect(re_adress,re_username,re_password);

mysql_query("SET NAMES 'utf8'", $con);
mysql_query("SET CHARACTER SET 'utf8'", $con);
mysql_query("SET character_set_connection = 'utf8'", $con);
mysql_select_db(re_db_name,$con) or die (mysql_error());

$sql = "INSERT INTO $prefix"."buy_info (ip,email,name,phone,link,cost,expire,discode,product,buy_id,zarin_code,ok,date) VALUES ('" . $ip . "','" . $_GET['email'] . "','" . $_GET['name'] . "','" . $_GET['phone'] . "','" . $_SESSION['url'] . "','" . $_SESSION['h_cost'] . "','" . $expire_time . "','" . $discode . "','" . $_SESSION['title'] . "','" . $buy_id . "','N','" . "1" . "','" . date("Y/m/d") . "')";
$act = mysql_query($sql) or die(mysql_error());

$_SESSION['buy_id'] = $buy_id;
$_SESSION['email'] = $_GET['email'];
$_SESSION['h_cost'] = $_GET['h_cost'];
Header('Location: /payment-result.php');
exit();
}

// Zarrin pall part

$MerchantID = '***'; //Required
$Amount = $_SESSION['h_cost']; //Amount will be based on Toman - Required
$Description = $_SESSION['title']; // Required
$Email = $_GET['email']; // Optional
$Mobile = $_GET['phone']; // Optional
$CallbackURL = $site_adress.'/payment-result.php'; // Required


$client = new SoapClient('https://www.zarinpal.com/pg/services/WebGate/wsdl', ['encoding' => 'UTF-8']);

$result = $client->PaymentRequest(
[
'MerchantID' => $MerchantID,
'Amount' => $Amount,
'Description' => $Description,
'Email' => $Email,
'Mobile' => $Mobile,
'CallbackURL' => $CallbackURL,
]
);

//Redirect to URL You can do it also by creating a form
if ($result->Status == 100) {
$sql = "INSERT INTO $prefix"."buy_info (ip,email,name,phone,link,cost,expire,discode,product,buy_id,ok,date) VALUES ('" . $ip . "','" . $_GET['email'] . "','" . $_GET['name'] . "','" . $_GET['phone'] . "','" . $_SESSION['url'] . "','" . $_SESSION['h_cost'] . "','" . $expire_time . "','" . $discode . "','" . $_SESSION['title'] . "','" . $buy_id . "','" . "0" . "','" . date("Y/m/d") . "')";
$act = mysql_query($sql) or die(mysql_error());

// Remote Connect

mysql_close();

define("re_adress","***");
define("re_username","***");
define("re_password","***");
define("re_db_name","***");

$prefix = "mby_";

$con=mysql_connect(re_adress,re_username,re_password);

mysql_query("SET NAMES 'utf8'", $con);
mysql_query("SET CHARACTER SET 'utf8'", $con);
mysql_query("SET character_set_connection = 'utf8'", $con);
mysql_select_db(re_db_name,$con) or die (mysql_error());

$sql = "INSERT INTO $prefix"."buy_info (ip,email,name,phone,link,cost,expire,discode,product,buy_id,ok,date) VALUES ('" . $ip . "','" . $_GET['email'] . "','" . $_GET['name'] . "','" . $_GET['phone'] . "','" . $_SESSION['url'] . "','" . $_SESSION['h_cost'] . "','" . $expire_time . "','" . $discode . "','" . $_SESSION['title'] . "','" . $buy_id . "','" . "0" . "','" . date("Y/m/d") . "')";
$act = mysql_query($sql) or die(mysql_error());

mysql_close();

$_SESSION['buy_id'] = $buy_id;
$_SESSION['email'] = $_GET['email'];
Header('Location: https://www.zarinpal.com/pg/StartPay/'.$result->Authority);
// To use ZarinGate, the address must be changed as follows:
//Header('Location: https://www.zarinpal.com/pg/StartPay/'.$result->Authority.'/ZarinGate');
} else {
echo'ERR: '.$result->Status;
}

}
else
{
$_SESSION['h_cost'] = $_SESSION['cost'];
$_SESSION['discode'] = NULL;
}
}
else
{
//header("location: /404.php");
}
?>

<head>
    <title>سبد خرید</title>
    <meta   http-equiv="content-type"   content="text/html;charset=utf-8"  />
    <meta   http-equiv="Content-Language"  content="Fa">

    <!--FavIcon-->
    <link rel="icon" type="image/png" href="img/favicon.png">

    <link rel="stylesheet" href="css/cart.css" />
    <link rel='stylesheet' href='css/font-style.css' >
    <link rel="stylesheet" href="css/font-awesome.min.css" >
    <link rel="stylesheet" href="css/bootstrap.min.css" >
    <link rel="stylesheet" href="css/style.css" >
</head>

<body>

<div class="header-area">
            <div class="container">
                    <div class="row">
                            <div class="col-md-8">
                                    <div class="user-menu">
                                            <ul>
                                                    <li><a href="#"><i class="fa fa-user"></i>ورود</a></li>
                                                    <li><a href="#"><i class="fa fa-pencil-square-o"></i> ثبت نام</a></li>
                                                    <li><a href="#"><i class="fa fa-phone"></i>ارتباط با ما</a></li>
                                                    <li><a href="#"><i class="fa fa-briefcase"></i>همکاری</a></li>
                                            </ul>
                                    </div>
                            </div>
                            <div style="width: 300px;float: right;text-align: right;height: 38px;line-height: 38px;" class="col-md-9"><?php echo $psubtitle; ?>&nbsp;<i style="font-size: 10px;" class="fa fa-star"></i></div>
                    </div>
            </div>
</div> <!-- End header area -->

<section class="adjuster">
<a href="http://mobyar.com"><img src="img/logo.png" style="border-bottom: #999999 dashed 1px;position: absolute;top: 15px;left:10px;width: 200px;height: 95px;" alt="" /></a>
<b style="border-bottom: #999999 dashed 1px;font-weight: normal;position: absolute;width: 580px; height: 100px;line-height: 130px;text-align: center;font-size: 25px;top: 10px;" >فاکتور فروش خدمات موب یار</b>
<table>
    <td style="background: #5a88ca;color: #fff;font-weight: normal;" width="600">نام محصول</td><td style="background: #5a88ca;color: #fff;font-weight: normal;" width="200">قیمت</td><tr></tr>
    <td class="p_title"><?php echo $_SESSION['title'] ?></td><td><?php echo $_SESSION['cost'] ?> ت</td><tr></tr>
</table>
<form style="display: block" action="" id="pay_form" method="get">
<input type="text" name="discode" id="discode" class="discode_input" placeholder="کد تخفیف" />
<input type="button" name="discode_do" id="discode_do" class="discode_do" value="استفاده" /><img class="dd_w" src="img/w8.gif" alt="w8" />
<div class="total-cost">مبلغ قابل پرداخت : <i id="mqp" style="font-style: normal"><?php echo $_SESSION['h_cost'] ?></i> ت</div>
    <input name="name" placeholder="نام کامل" type="text" /><div class="cls"></div>
    <input name="email" id="email" placeholder="آدرس ایمیل*" type="email" /><div class="cls"></div>
    <input name="phone" style="    position: relative;top: 4px;" placeholder="شماره تماس" type="text" />
    <input type="submit" name="pay" class="pay" value="پرداخت">
</form>
<div class="discode_result">
    <div class="dr_c"></div>
    <b>کد تخفیف اعمال شد !</b>
    <br>
    <br>
    <i>مبلغ پرداختی شما شامل x % تخفیف شده است</i>
</div>
<div class="cls"></div>
</section>

<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/cart.js"></script>

</body>

</html>
Komeil Tl

I just changed the email field name to "user_email" and it works now, and there is no problem anymore. The email field name was just the problem!!! :D

Komeil Tl