-1

I'm trying to populate a PHP variable from a MySQL query to use later on when sending an email via PHP. Please see the code below for populating the variable. I have not included the mysql_connect and mysql_select_db as this is a live db and I know the connections work. Also, before you state that I should be using mysqli or PDO, I know, but the server cannot be updated as there is a large number of pages that rely on the old code.

Error - Parse error: syntax error, unexpected 'echo' (T_ECHO)

$emailaddress = "SELECT e_mail FROM frm_change_approver WHERE user_id LIKE '$approvingmanagername'";
$result = mysql_fetch_array($emailaddress);

$approveremail = echo $result['e_mail'];

I need $approveremail to be populated via the above query as I already have the email address for the user in the database and don't want a user to type the wrong one. I only capture the user's user_id in the form as I don't want there to be an email address field at all. I will then use the populated variable to send the email to that person.

Any help will be greatly appreciated.

XSuperDan
  • You need to first run the query before fetch_array, never mind SQL injection. – Mihai Apr 08 '19 at 10:09
  • @Mihai Are you able to assist with this? – XSuperDan Apr 08 '19 at 10:11
  • also, why do you need LIKE if you don't use a wildcard? Just do `user_id = '$approvingmanagername'` – Lelio Faieta Apr 08 '19 at 10:13
  • @LelioFaieta Thank you, I have changed this and yes, it's a better way of using it; I think I just copied another query. – XSuperDan Apr 08 '19 at 10:16
  • mysql_* are deprecated and removed in PHP7 - switch now to mysqli_* or pdo to avoid mass project updates. Also your code is open to SQL injection – treyBake Apr 08 '19 at 10:22
  • Thanks @treyBake, you clearly didn't read my post... These are internal MPLS webpages only and are not internet facing so don't have an issue there. – XSuperDan Apr 08 '19 at 10:34
  • @XSuperDan so what? use best practices and secure code .. why settle for code that's incorrect? – treyBake Apr 08 '19 at 10:43
  • @treyBake, please read my post.... "Also, before you state that I should be using mysqli or PDO, I know, but the server cannot be updated as there is a large number of pages that rely on the old code." – XSuperDan Apr 08 '19 at 10:52
  • @XSuperDan ok good luck with that :) – treyBake Apr 08 '19 at 10:52

1 Answer

2

You cannot assign an echo statement to a variable.

Change this:

$approveremail = echo $result['e_mail'];

To this:

$approveremail = $result['e_mail']; 
echo $approveremail;

Or even:

echo $result['e_mail']; 

Furthermore, please consider using mysqli or PDO instead of mysql_ functions. mysql_ functions are deprecated and no longer supported in PHP 7.0 and above.

Take a look at this page https://www.php.net/manual/en/function.mysql-fetch-array.php

You need to run the query and then fetch the result

$emailaddress = "SELECT e_mail FROM frm_change_approver WHERE user_id = '$approvingmanagername'";
$result = mysql_query($emailaddress);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$approveremail = $row['e_mail'];

Also, please consider using mysql_real_escape_string() to sanitize your inputs: https://www.php.net/manual/en/function.mysql-real-escape-string.php

Donny
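
The approver lookup from the answer above with the value bound as a parameter instead of interpolated into the SQL text, as an added example that is not part of the original answer. It assumes PDO is available and uses an in-memory SQLite database with constructed rows in place of the live MySQL server; the function names are hypothetical.

```php
<?php
// Added example: the approver lookup from this page with a bound parameter.
// Assumption: PDO with in-memory SQLite stands in for the live MySQL server
// so the script runs offline; table and column names are the page's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data, including a user_id that contains a quote.
$db->exec("CREATE TABLE frm_change_approver (user_id TEXT PRIMARY KEY, e_mail TEXT)");
$db->exec("INSERT INTO frm_change_approver VALUES ('jsmith', 'j.smith@example.com')");
$db->exec("INSERT INTO frm_change_approver VALUES ('o''neil', 'p.oneil@example.com')");

// Hypothetical helper: returns the approver's address, or null when the
// user_id is unknown or the stored value is not a valid address.
function lookupApproverEmail(PDO $db, $userId)
{
    // The value travels separately from the SQL text, so quotes in it
    // cannot change the statement.
    $stmt = $db->prepare('SELECT e_mail FROM frm_change_approver WHERE user_id = :user_id');
    $stmt->execute(array(':user_id' => $userId));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such approver: send nothing
    }
    // Validate before the value is used as a mail recipient.
    $email = filter_var($row['e_mail'], FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// The same lookup built by string interpolation, as in the question.
function lookupInterpolated(PDO $db, $userId)
{
    try {
        $res = $db->query("SELECT e_mail FROM frm_change_approver WHERE user_id = '$userId'");
        $row = $res->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row['e_mail'];
    } catch (PDOException $e) {
        // A quote in the value ends the string literal early and breaks the SQL.
        return 'query failed: ' . $e->getMessage();
    }
}

foreach (array('jsmith', "o'neil", 'nobody') as $id) {
    printf("%-8s bound: %-24s interpolated: %s\n", $id,
        var_export(lookupApproverEmail($db, $id), true),
        var_export(lookupInterpolated($db, $id), true));
}
```

The `array()` syntax and untyped scalar parameters keep the script compatible with older PHP 5 installs like the one described in the question.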