Send Table Data Using PHPMailer

Question

I have a record which can be fetched from the database. I want to be able to send this tabulated report to email using PHPMailer.The issue now is: When the mail is sent, it shows only the header section of the table and the content is not shown. See my code below, maybe someone can tell me what i am missing or better approach:

$mail->Body    =  "<p>Please find below the Action Plan for Routine Report that is generated based on today's Check.</p><br/>".
                  "<table width='100%' border='1' style='margin-top:15px;' align='left class='table table-striped'>". 
                  "<thead><tr>".
                  "<th>SN</th>".
                  "<th nowrap='nowrap'>Mainlocation</th>".
                  "<th nowrap='nowrap'>Sub-Loaction</th>".
                  "<th nowrap='nowrap'>Issue</th>".
                  "<th nowrap='nowrap'>Current Plan</th>".
                  "<th nowrap='nowrap'>Who</th>".
                  "<th nowrap='nowrap'>When</th>".
                  "</tr></thead><tbody>".
                  $qq = mysqli_query($con,"SELECT * FROM tab_trans WHERE transid='$transid' ORDER BY subloc");
                  $d =0;
                  while($c = mysqli_fetch_array($qq)){ $d++;
                  "<tr>".
                  "<td nowrap='nowrap'>".$d."</td>".
                  "<td nowrap='nowrap'> ".$c['mainloc']."</td>".
                  "<td nowrap='nowrap'> ".$c['subloc']."</td>".
                  "<td nowrap='nowrap'> ".$c['issue']."</td>".
                  "<td nowrap='nowrap'> ".$c['what']."</td>".
                  "<td nowrap='nowrap'> ".$c['who']."</td>".
                  "<td nowrap='nowrap'> ".$c['period']."</td></tr>";
                  }
                  "</tbody></table>";

I have truncated the previous section of the phpmailer function. ie the settings. Thanks

Your code is vulnerable to SQL injection attacks. You should use [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php) prepared statements as described in [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, Mar 30 '17 at 15:39
@AlexHowansky: Thanks, i am currenly fetching data from the DB not from the user. Is that also prone to sql injection?. Well, any info as regards the main question above? — David Mukoro, Mar 30 '17 at 15:43
If the value of the `$transid` variable can be affected in any way by a user, then you are vulnerable. Regarding the main question, the obvious answer would seem to be that your query is simply returning zero rows. — Alex Howansky, Mar 30 '17 at 15:47
@AlexHowansky: but if i run the code from another page that does not involve sending it as mail, the records is generated perfectly. Is there anything wrong with the loop or is there a better way to sending tabulated data fetched from DB to a mail? — David Mukoro, Mar 30 '17 at 15:51
I would guess that the other page correctly sets `$transid`. Add some debugging statements to verify that transid gets set properly, and add a call to `mysqli_num_rows()` (or whatever it's called) to verify that you're getting non-zero results back. — Alex Howansky, Mar 30 '17 at 15:54

score 0 · Answer 1 · answered Mar 30 '17 at 16:05

Thanks all. The solution is this: The loop is the one having issue. It is not able to get the result. Hence, concantenating the $mail->body and little modification solves the problem:

$mail->Body    =  "<p>Please find below the Action Plan for Routine Report that is generated based on today's Check.</p><br/>".


                     "<table width='100%' border='1' style='margin-top:15px;' align='left class='table table-striped'>". 
                      "<thead><tr>".
                      "<th>SN</th>".
                      "<th nowrap='nowrap'>Mainlocation</th>".
                      "<th nowrap='nowrap'>Sub-Loaction</th>".
                      "<th nowrap='nowrap'>Issue</th>".
                      "<th nowrap='nowrap'>Current Plan</th>".
                      "<th nowrap='nowrap'>Who</th>".
                      "<th nowrap='nowrap'>When</th>".
                      "</tr></thead><tbody>";
                      $qq = mysqli_query($con,"SELECT * FROM tab_trans WHERE transid='$transid' ORDER BY subloc");
                      $d =0;
                      while($c = mysqli_fetch_array($qq)){ $d++;
  $mail->Body.=       "<tr>".
                      "<td nowrap='nowrap'>".$d."</td>".
                      "<td nowrap='nowrap'> ".$c['mainloc']."</td>".
                      "<td nowrap='nowrap'> ".$c['subloc']."</td>".
                      "<td nowrap='nowrap'> ".$c['issue']."</td>".
                      "<td nowrap='nowrap'> ".$c['what']."</td>".
                      "<td nowrap='nowrap'> ".$c['who']."</td>".
                      "<td nowrap='nowrap'> ".$c['period']."</td></tr>";
                      }
$mail->Body.=       "</tbody></table>";

Send Table Data Using PHPMailer

1 Answers1