1

I have looked on other questions and nothing quite fits, I am trying to adapt parts to my code I have built so far, but the new stuff I am adding I get errors, I am sure I'm not far off. I want to learn to do it so I will keep trying.

I don't expect someone to do it for me, I want to do it and understand how it's working to constantly improve.

So my MySQL database has an ID field auto_increment and the clients details.

After my customer fills in the form, I would like an email with their ID number sent to their email address they have just put in the form. (make sense?)

Can I do this as the customer only gets an ID number in the database after filling out the form?

OK! so writing this I've just realized that maybe I can create a trigger inside MySQL database to send an email with the ID number to the client once the details enter the database.

I just googled that and not sure if its possible

So far my code is this and I built it and it works a treat! a long process but I'm getting there and loving it! 

<?php

require 'connection.php';
$conn    = Connect();
$date    = $conn->real_escape_string($_POST['u_date']);
$name    = $conn->real_escape_string($_POST['u_name']);
$company    = $conn->real_escape_string($_POST['u_company']);
$tel    = $conn->real_escape_string($_POST['u_tel']);
$mtel    = $conn->real_escape_string($_POST['m_tel']);
$email   = $conn->real_escape_string($_POST['u_email']);
$occupation   = $conn->real_escape_string($_POST['occupation']);
$hear   = $conn->real_escape_string($_POST['hear']);
$used   = $conn->real_escape_string($_POST['used']);
$signature    = $conn->real_escape_string($_POST['signature']);

$query   = "INSERT into tb_cform (u_date,u_name,u_company,u_tel,m_tel,u_email,occupation,hear,used,signature)     VALUES('" . $date . "','" . $name . "','" . $company . "','" . $tel . "','" .     $mtel . "','" . $email . "','" . $occupation . "','" . $hear . "','" . $used .     "','" . $signature . "')";
$success = $conn->query($query);


if (!$success) {
die("Couldn't enter data: ".$conn->error);

}

echo "<p><center>Thank you <strong>$name</strong>, your message has been submitted to us. Check your email for your ID number</center></p>";

$conn->close();

?>

Thank you in advance!

Notary
  • 11
  • 5
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you’re doing it properly. – tadman Jan 03 '18 at 16:27
  • **WARNING**: `mysql_query` and associated functions are *not* in any way related to the similarly named `mysqli` ones. These were deleted in PHP 7 and are far more hazardous to use due to their lack of placeholder support. Avoid using them whenever possible. – tadman Jan 03 '18 at 16:28
  • I am getting negative results to adding a trigger to send emails, but how do I send the customer his ID number if I only have his email once he has filled in the form? – Notary Jan 03 '18 at 16:31
  • The way you're composing the query here is extremely error-prone, a single missing character will break everything and simultaneously be really hard to spot because of that cluttered syntax. Switching to prepared statements with placeholder values will add considerable clarity. Additionally a lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so mistakes aren't easily ignored. – tadman Jan 03 '18 at 16:33
  • Note that this code doesn't check that the form was completely filled out, only that it was submitted. There's a lot of work left to do here to validate those values before dumping them into the database and hoping for the best. This is why I strongly encourage using a development framework: These sorts of things are provided for you with clear, concise patterns for applying them. Frameworks come in many forms from really lean like [Fat-Free Framework](https://fatfreeframework.com/) to exceptionally full-featured like [Laravel](http://laravel.com/) and many spots in between. – tadman Jan 03 '18 at 16:34

2 Answers2

0

When you insert a record and want to know the ID value the easiest way is get the value of LAST_INSERT_ID(). With mysqli this is actually simple using insert_id:

$id = $conn->insert_id;
tadman
  • 208,517
  • 23
  • 234
  • 262
  • But it only creates an ID after the customer has filled in the form, I am looking for a way to send the customer the ID number after he has filled in the form – Notary Jan 03 '18 at 16:36
  • This is how you get the ID value. If you want to send it to them, make use of that `$id` variable. If you're sending an email, compose an email and put that value in it somewhere. Another thing to keep in mind is ID values like this are generally sequential and easily guessed, so be sure to have some kind of security in place so people can't iterate over these and download your entire customer base. – tadman Jan 03 '18 at 16:38
  • Thank you! I will work on getting the ID number to be random first. – Notary Jan 03 '18 at 17:09
0

So I found a way round the ID number, but all I want is for this to send an email to me and to the one put in the contact form, its working putting it in the database but I need a little help on the email sending part of the code. Thanks 

 <?php

 require 'connection.php';

 $conn    = Connect();
 $pass    = $conn->real_escape_string($_POST['pass']);
 $date    = $conn->real_escape_string($_POST['u_date']);
 $name    = $conn->real_escape_string($_POST['u_name']);
 $company    = $conn->real_escape_string($_POST['u_company']);
 $tel    = $conn->real_escape_string($_POST['u_tel']);
 $mtel    = $conn->real_escape_string($_POST['m_tel']);
 $email   = $conn->real_escape_string($_POST['u_email']);
 $occupation   = $conn->real_escape_string($_POST['occupation']);
 $hear   = $conn->real_escape_string($_POST['hear']);
 $used   = $conn->real_escape_string($_POST['used']);
 $signature    = $conn->real_escape_string($_POST['signature']);


 $query   = "INSERT into tb_cform (pass,u_date,u_name,u_company,u_tel,m_tel,u_email,occupation,hear,used,signature) VALUES('" . $pass . "','" . $date . "','" . $name . "','" . $company . "','" . $tel . "','" . $mtel . "','" . $email . "','" . $occupation . "','" . $hear . "','" . $used . "','" . $signature . "')";


 $success = $conn->query($query);


 $header = "From: $email\n" . "Reply-To: $email\n";
 $subject = "Inquiry Received";
 $email_to = "info@mydomain.co.uk";
 $message = "Full Name: $name\n"
           . "Word: $pass\n"
           . "Email: $email\n";
mail($email_to, $subject, $message, $header);



if (!$success) {
die("Couldn't enter data: ".$conn->error);

 }

 echo "<p><center>Thank you <strong>$name</strong>, your message has been 
 submitted to us.</center></p>";

 $conn->close();

 ?>
Notary
  • 11
  • 5