0

I have a dashboard with a link that triggers a DB to update an application status to "approved" and posts to an API. The database is being updated, but the recipient is not being emailed.

The database step is working but not posting to the API. The API is what triggers an email to the individual.

Disclaimer: I'm brand new to coding so apologies if I'm not providing the correct/enough information.

<?php

require_once 'login.php';
$conn = new mysqli($hn, $un, $pw, $db); //Connect DB
$id = $_GET['id'];
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error()); 
  }

//Create query based on the ID passed from table
// sql to update a record
$sql = "UPDATE all_contacts SET status='Approved' WHERE id = '$id'"; 

$url = 'https://mail.com/messages/email';
$data = array(
  "subject" => "Hello!",
  "body" => "hi",
  "recipients" => array (
    "email" => "example@email.com")
  );
$data_string = json_encode($data);
$ch = curl_init($url);

curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    "Content-Type: application/json",
    "X-AUTH-TOKEN: mytoken",
    "Content-Length: ". strlen($data_string)));

$result = curl_exec($ch);
echo $result;
curl_close($ch);

if (mysqli_query($conn, $sql)) {
    mysqli_close($conn);
    header("Location: dashboard.php"); 
    exit;
} else {
    echo "Error changing status";
}

?>

Expected result: Update the DB with the new application status and trigger an email to the email listed in $data.

Actual result: It updates the DB but does not post to the API.

Touring_0433
  • 5
  • 4
  • 1
    Please read about [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection). Instead of building queries with string concatenation, use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Jan 08 '19 at 18:35
  • 1
    If you run `print_r(curl_getinfo($ch));` before the `curl_close($ch);` line, then it will spit out a bunch of debugging information, including the response code from the remote API server. – Alex Howansky Jan 08 '19 at 18:37
  • Are you sending all of the correct fields to the API? A lot of APIs require some sort of KEY to use their service. – imvain2 Jan 08 '19 at 22:18

1 Answers1

2

Tested your code, and it's working correctly.

I tested it to Beeceptor.

enter image description here

enter image description here

What are you getting as an error?

FedeCaceres
  • 158
  • 1
  • 11