0

I have this little logic that i dont get how to solve it.

I have this on my database named email_list 5 records

then i have this trackCode 15 records on it.

my problem is im doing something like when i click the email all it will get the email to my email_list which has 5 records then the trackCode will send it to those emails.

i have this code

$sql = mysql_query( "SELECT * FROM code WHERE track = '$_POST['track']' " ) or die ( mysql_error() );
$row = mysql_fetch_array( $sql );
$subject = 'You have received your code';
$message = '
Your code is '.$row['trackCode'].'

Please click here to activate your code - click here -

management
';

$header = "From: [email protected] \r\n";
$header .= 'Content-type: text/html' . "\r\n";

$sqlemail = mysql_query( "SELECT * FROM email_list ORDER BY rand() LIMIT 15" ) or die ( mysql_error() );
while ( $rowemail = mysql_fetch_array( $sqlemail ) ) {
  $to = $rowemail['emails'];
}
$send_contact = mail($to,$subject,$message,$header);

Can you tell me what is wrong with my code is it my while statement?

What im trying to solve is that when it send email it send to those 5 emails with different trackCodes

i think im lost with my process and logic.

thanks guys

Improve this question
3
  • 1
    BTW, you might want to check out: php.net/manual/en/function.mysql-real-escape-string.php, or even better: php.net/manual/en/mysqli.real-escape-string.php Commented Aug 26, 2012 at 11:17
  • 1
    And $to = $row['emails']; should be $rowemail['emails'];. Commented Aug 26, 2012 at 11:19
  • What's with the randomly switching between naming and formatting conventions? email_list and trackCode? $sqlemail and $send_contact? In one line of code, you'll use a single double quoted string, but in the next, you'll use a single quoted string concatenated with a double quoted string. You also don't seem to have a fixed convention for parentheses and spaces. Commented Aug 26, 2012 at 11:23

2 Answers 2

Reset to default
2

Try to change it to:

$sqlemail = mysql_query("SELECT * FROM email_list ORDER BY rand() LIMIT 15") or die ( mysql_error());

while($rowemail = mysql_fetch_assoc($sqlemail))
{
    mail($rowemail['emails'], $subject, $message, $header);
}

And this:

$sql = mysql_query("SELECT * FROM code WHERE track = '$_POST['track']'") or die (mysql_error());

should be:

$sql = mysql_query("SELECT * FROM code WHERE track = '".mysql_real_escape_string($_POST['track'])."'") or die (mysql_error());

Important:

However, it is important to point out that the the use of the mysql extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

The mysql extension is deprecated. You should only use mysqli or pdo at this point.
I know, that's basically what I wanted to tell him in my comment above. But I don't know which versions of PHP/MySQL he's using, so I'm not going to force him to upgrade. Even tho it would be better for him to do so.
You can't force him to do anything. But if you use mysqli in your code, it's at least a hint that mysql has been deprecated and its use is strongly discouraged. If he sees people still recommending the use of mysql_query and mysql_real_escape_string, it doesn't send the right message.
More About SQL Injection: stackoverflow.com/questions/11939226/…
1

looks like you are setting $to variable to email id in each iteration, but never using it, until after while loop. Which means only last email id from the results get mailed. try moving mail into the while loop.

while ( $rowemail = mysql_fetch_array( $sqlemail ) ) {
    $to = $rowemail['emails'];
    $send_contact = mail($to,$subject,$message,$header);
}

PS: Use better mysql extension(PDO or Mysqli), use better escaping, or prepared statements for data insertion. looks like your code is for learning purpose only, in that case, always learn whats better. in case its for production, it is very very vulnerable!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.