
How do I use PHPMailer? For example, I send a message to the email address if the user has registered successfully, then check the email address; if the email address exists, stop sending the email a second time for registration. I have tried using PHPMailer and PHP code to send mail; every time I checked whether the email address existed, the program sent a message to this email address. How do I stop executing or stop sending the message if a user tries to sign up and this email address exists?

```php
<?php
include('data.php');
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'phpmailer/src/Exception.php';
require 'phpmailer/src/PHPMailer.php';
require 'phpmailer/src/SMTP.php';

if(isset($_POST["submit"])){
$email = trim(htmlspecialchars($_POST['email']));
if(filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)){
/*________________________________________________________________________*/
function EmailExists($conn, $email){
    $s="SELECT * FROM dat WHERE email='$email'";
    $res=mysqli_query($conn, $s);
    $eml = mysqli_fetch_assoc($res);
    return (is_array($eml) && count($eml)>0);
}
$emai=[];
if(EmailExists($conn, $email)):
    $emai['has_error']=1;
    $emai['response']="<script>alert('Email address is already exists')</script>";
endif;
/*________________________________________________________________________*/

$sql = "SELECT * FROM dat WHERE email = '$email'";
$rest = mysqli_query($conn, $sql);
$pres = mysqli_num_rows($rest);

if(!count($emai)){  
} else {
    $mail = new PHPMailer(true);
    $mail->isSMTP();
    $mail->Host = 'smtp.gmail.com';
    $mail->SMTPAuth = true;
    $mail->Username = 'test@gmail.com';
    $mail->Password = 'test';
    $mail->SMTPSecure = 'ssl';
    $mail->Port = 443;
    $mail->addAddress($_POST["email"]);
    $mail->Subject="Registration was completed";
    $mail->isHTML(FALSE);
    $mail->Body="Welcome";
while($pres == 0){
    switch($pres){
        case $pres:
            $mail->send();
        break;
        default:
        break;
            }
    }
    echo "<script>alert('Mail was sent successfully')</script>";
    }
} else {
    //echo "<script>alert('Wrong Email Address')</script>";
    }
}
?>
```
  • Perhaps cleaning up your code would be the best first step? Your code contains all these variables: `$email`, `$eml`, `$emai`, and `$mail`, they're all variations on the word "e-mail", but their values vary widely. I think this causes confusion and is the cause of your problems. See, for instance: [How to choose good variable names](https://builtin.com/data-science/variable-names). Also, if you care about the security of your code, read: [SQL Injection](https://www.php.net/manual/en/security.database.sql-injection.php). – KIKO Software Jul 13 '23 at 07:40
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unparameterised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jul 13 '23 at 09:27
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use that resource again. – ADyson Jul 13 '23 at 09:27
  • Your usage of `htmlspecialchars()` is inappropriate and potentially problematic. `htmlspecialchars()` is an _output_ filter, only to be used _specifically_ when _outputting_ data into an HTML document. It is designed only to help protect against XSS. It should not be used at any other time, such as when receiving input data - in the worst case it can change or corrupt your data unnecessarily in that situation. It also has nothing to do with preventing SQL injection. See [when to use htmlspecialchars() function?](https://stackoverflow.com/questions/4882307/when-to-use-htmlspecialchars-function) – ADyson Jul 13 '23 at 09:27
  • Anyway, in here: `if(EmailExists($conn, $email)): $emai['has_error']=1; $emai['response']=""; endif;` you set an error message to output if the email exists. But that's all. You don't do anything to actually prevent the next part of the code from running, and sending the email anyway. It's unclear which bit of the script you think is responsible for preventing the email being sent? It would be interesting to know your opinion on how/why you expected it to work, because the code to do that is simply missing from your script entirely. – ADyson Jul 13 '23 at 09:29
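
The points raised in the comments above, put together as an added example (not code from the question or from any commenter): the lookup uses a prepared statement, an existing address returns before any mail code runs, and `htmlspecialchars()` is applied only on output. It assumes `data.php` provides `$conn` and the `dat` table as in the question; `handleSignup`, `emailExists` and the `SMTP_USER`/`SMTP_PASS` environment variables are hypothetical names.

```php
<?php
// Added example, not the asker's code. Assumes data.php defines $conn (mysqli)
// and a table `dat` with an `email` column, as in the question.
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require 'phpmailer/src/Exception.php';
require 'phpmailer/src/PHPMailer.php';
require 'phpmailer/src/SMTP.php';
require 'data.php';

// Parameterised lookup: the address is bound as data, never spliced into the SQL.
function emailExists(mysqli $conn, string $email): bool {
    $stmt = $conn->prepare('SELECT 1 FROM dat WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

// Hypothetical helper: returns a status message; mails only a new, valid address.
function handleSignup(mysqli $conn, $rawEmail): string {
    $email = is_string($rawEmail) ? filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL) : false;
    if ($email === false) return 'Wrong email address';
    if (emailExists($conn, $email)) return 'Email address already exists'; // stop here
    try {
        $mail = new PHPMailer(true);               // true: throw on failure
        $mail->isSMTP();
        $mail->Host = 'smtp.gmail.com';
        $mail->SMTPAuth = true;
        $mail->Username = getenv('SMTP_USER');     // assumed env vars, keeps the
        $mail->Password = getenv('SMTP_PASS');     // credentials out of the source
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
        $mail->Port = 465;                         // implicit-TLS SMTP port
        $mail->setFrom(getenv('SMTP_USER'));
        $mail->addAddress($email);
        $mail->Subject = 'Registration was completed';
        $mail->Body = 'Welcome';
        $mail->send();                             // single call, no loop
        return 'Mail was sent successfully';
    } catch (Exception $e) {
        return 'Mail could not be sent';
    }
}
if (isset($_POST['submit'])) {
    // htmlspecialchars() is applied here, on output, not on the incoming value.
    echo '<p>' . htmlspecialchars(handleSignup($conn, $_POST['email'] ?? '')) . '</p>';
}
```

If the script also inserts the new row, a UNIQUE index on `dat.email` makes the database reject duplicates even when two requests pass the check at the same time.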

0 Answers