Old 31-07-2006, 06:59   #1 (permalink)
30equals
Senior Member
 
Join Date: Jan 2006
Posts: 146
query results in mail function

so i have made a shopping cart and everything works except for the confirmation mail.
i already searched the forum and found one similar problem, but that solution doesn't work with me...strangely enough.

all i want is to loop results from a query so the customer gets a confirmation mail with all the items they ordered. when i get the mail, i get all the other info , but not the item name, title or quantity.

is it because i misplaced my query or something ?

code:

PHP Code:
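<?php
    // Final checkout step as posted in the question: stores the customer and the
    // order, copies the temporary cart rows into the order details, mails a
    // confirmation and prints the order number.
    //
    // NOTE(review): no database connection is opened in this listing; it is
    // presumably set up elsewhere. mysql_real_escape_string() needs that link to
    // be open before it is called.
    session_start();

    // Every field below is re-submitted by the browser on this request, so checks
    // done on an earlier checkout step do not protect the values used here.
    $fields = array(
        'shippingmethod', 'paymentmethod',
        'firstname', 'lastname', 'add1', 'add2', 'city', 'state', 'zip', 'country', 'email',
        'shipfirst', 'shiplast', 'shipadd1', 'shipadd2', 'shipcity', 'shipstate', 'shipzip',
        'shipcountry', 'shipemail',
        'total',
    );

    $raw  = array(); // values as submitted
    $sql  = array(); // escaped for use inside quoted SQL string literals
    $html = array(); // escaped for the text/html mail body
    foreach ($fields as $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        if (get_magic_quotes_gpc()) {
            // Undo automatic slashes so the value is not escaped twice below.
            $value = stripslashes($value);
        }
        $raw[$field]  = $value;
        $sql[$field]  = mysql_real_escape_string($value);
        $html[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }

    // The address is placed in the To: header of mail(). Accept only a single
    // syntactically valid address so the value cannot add recipients or header lines.
    if (filter_var($raw['email'], FILTER_VALIDATE_EMAIL) === false) {
        die('invalid email address');
    }

    // NOTE(review): the order total is taken from the submitted form and is stored
    // and mailed as-is. Recompute it on the server from the cart rows and the
    // product prices (the price column is not shown in this listing).

    $sessid = mysql_real_escape_string(session_id());
    $today  = date("Y-m-d");

    // NOTE(review): die(mysql_error()) shows database error text to the visitor;
    // on a live site log the error and show a generic message instead.
    $query = "SELECT * FROM br_customers WHERE
            (firstname = '{$sql['firstname']}' AND lastname = '{$sql['lastname']}'
             AND add1 = '{$sql['add1']}' AND add2 = '{$sql['add2']}'
             AND city = '{$sql['city']}' AND country = '{$sql['country']}')";
    $result = mysql_query($query) or die(mysql_error());
    $rows = mysql_num_rows($result);

    $custid = 0;
    if ($rows < 1) {
        $query2 = "INSERT INTO br_customers (firstname, lastname, add1, add2, city, state, zip, country, email)
            VALUES (
            '{$sql['firstname']}',
            '{$sql['lastname']}',
            '{$sql['add1']}',
            '{$sql['add2']}',
            '{$sql['city']}',
            '{$sql['state']}',
            '{$sql['zip']}',
            '{$sql['country']}',
            '{$sql['email']}')";
        $insert = mysql_query($query2) or die(mysql_error());
        $custid = mysql_insert_id();
    }

    // NOTE(review): when a matching customer already exists, no id is read back
    // from $result, so custnum is stored empty, as in the original. Fetch the key
    // column of br_customers here; its name is not shown in this listing.
    $custnum = '';
    if ($custid) {
        $custnum = $custid;
    }

    // NOTE(review): $shipping is never assigned anywhere in the posted script, so
    // an empty value is stored; made explicit here.
    $shipping = '';

    $query3 = "INSERT INTO br_ordermain (orderdate, custnum, subtotal, shipping, shipfirst, shiplast, shipadd1,
                 shipadd2, shipcity, shipstate, shipzip, shipcountry, shipemail, shippingmethod, paymentmethod)
                VALUES (
                '$today',
                '$custnum',
                '{$sql['total']}',
                '$shipping',
                '{$sql['shipfirst']}',
                '{$sql['shiplast']}',
                '{$sql['shipadd1']}',
                '{$sql['shipadd2']}',
                '{$sql['shipcity']}',
                '{$sql['shipstate']}',
                '{$sql['shipzip']}',
                '{$sql['shipcountry']}',
                '{$sql['shipemail']}',
                '{$sql['shippingmethod']}',
                '{$sql['paymentmethod']}')";
    $insert2 = mysql_query($query3) or die(mysql_error());
    $orderid = mysql_insert_id();

    // The original wrote "or (mysql_error())" here, which discards the error;
    // stop on failure like the queries above.
    $query = "SELECT * FROM br_carttemp WHERE sess='$sessid'";
    $result = mysql_query($query) or die(mysql_error());

    $quan = '';
    $prodnum = '';
    while ($row = mysql_fetch_array($result)) {
        // Read only the two columns that are needed. extract($row) would overwrite
        // any script variable that shares a name with a cart column. The column
        // names are the ones the original extract() call relied on.
        $quan = $row['quan'];
        $prodnum = $row['prodnum'];

        // Values read back from the database are escaped too before reuse in SQL.
        $query4 = "INSERT INTO br_orderdet (ordernum, qty, prodnum)
            VALUES (
            '$orderid',
            '" . mysql_real_escape_string($quan) . "',
            '" . mysql_real_escape_string($prodnum) . "')";
        $insert3 = mysql_query($query4) or die(mysql_error());
    }

    // NOTE(review): at this point $prodnum holds only the last cart row's product,
    // so a single product is looked up, and the loop below reads $result5 to its end.
    $query5 = "SELECT * FROM br_products WHERE prodnum='" . mysql_real_escape_string($prodnum) . "'";
    $result5 = mysql_query($query5) or die(mysql_error());
    $name = '';
    $title = '';
    while ($row = mysql_fetch_array($result5)) {
        $name = $row['name'];
        $title = $row['title'];
    }

    //delete from temp table
    $query = "DELETE FROM br_carttemp WHERE sess='$sessid'";
    $delete = mysql_query($query);

    //email confirmations to us and the customer
    /*recipients */
    $to = "<" . $raw['email'] . ">";
    $bcc = "<order@mydomain.com>"; //example mail address for the forum

    //subject
    $subject = "order confirmation";
    $subjectbcc = "new order received ";

    /*message*/
    // The body is sent as text/html, so every submitted or stored value is
    // HTML-escaped before it is appended.
    $message  = "Thank you for shopping at . Your order was received on &nbsp;" . $today . "<br>";
    $message .= "It will be processed as soon as possible<br>";
    $message .= "We'll check if all items are still in stock and let you know the total with postage<br>";
    $message .= "-------------------------------------------------------------------------------------<br>";
    $message .= "-------------------------------------------------------------------------------------<br>";
    $message .= "order number:&nbsp;" . $orderid . "<br>";
    $message .= "items:<br>";
    // NOTE(review): $result5 was already read to its end above, so this loop body
    // never runs and no item line reaches the mail. This is the symptom described
    // in the post; the item logic is left as posted.
    while ($row = mysql_fetch_array($result5)) {
        $message .= htmlspecialchars($name . $title . $quan, ENT_QUOTES, 'UTF-8') . "<br>";
    }
    $message .= "total of your purchases without postage:&nbsp;" . $html['total'];
    $message .= "<br><br>";
    $message .= "Your info:<br>";
    $message .= $html['firstname'] . "&nbsp;" . $html['lastname'] . "<br>";
    $message .= $html['add1'] . "<br>";
    if (!empty($raw['add2'])) {
        $message .= $html['add2'] . "<br>";
    }
    $message .= $html['zip'] . "&nbsp;" . $html['city'] . "<br>";
    if (!empty($raw['state'])) {
        $message .= $html['state'] . "<br>";
    }
    $message .= $html['country'] . "<br><br>";
    $message .= "you've chosen to ship&nbsp;" . $html['shippingmethod']
              . "&nbsp;and to pay with&nbsp;" . $html['paymentmethod'];

    /*headers*/
    $headers  = "MIME-VERSION: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=utf-8\r\n";
    $headers .= "From: <order@mydomain.com>\r\n";

    /*mail it*/
    mail($to, $subject, $message, $headers);
    mail($bcc, $subjectbcc, $message, $headers);

    //show them their order & give them an order number
?>


<b>Thank you for your order!</b><br>
<br>orderdate: <?php echo $today; ?><br>
your ordernr. is <?php echo $orderid; ?>
<br>
<br>
you will get a order confirmation email <br>
(if you do not receive this, please contact us)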

thanx in advance!
Old 31-07-2006, 18:17   #2 (permalink)
sjd
Registered Abuser
 
 
Join Date: Jun 2006
Location: Manchester, England.
Posts: 174
What is the problem, i.e. where does the code go wrong? What do the logs say? Is it the mail function that's failing?

Have you checked the values of the variables that you pass to the mail function?

Also, on a different note, passing user supplied values straight into sql queries is an extremely bad idea because it opens your system up to sql injection attacks. Clean the POST values before setting the variables.
Old 01-08-2006, 08:58   #3 (permalink)
30equals
Senior Member
 
Join Date: Jan 2006
Posts: 146
Quote:
Originally Posted by sjd
What is the problem, i.e. where does the code go wrong? What do the logs say? Is it the mail function that's failing?

Have you checked the values of the variables that you pass to the mail function?

Also, on a different note, passing user supplied values straight into sql queries is an extremely bad idea because it opens your system up to sql injection attacks. Clean the POST values before setting the variables.

well, i got the problem half solved. i get one result now. it was the first loop for the $query5 which was the problem...still working on it.

yes the mail function works.


this is actually the last step in a checkout process. i have checked the input already in a previous step. this is just a matter of passing variables.
Old 01-08-2006, 09:21   #4 (permalink)
sjd
Registered Abuser
 
 
Join Date: Jun 2006
Location: Manchester, England.
Posts: 174
Note that I'm not a php guru. Saying that, after a quick look, I'd say that it's because you're looping through result5 in the email message to output the list of items, but you're not updating name, title or quantity in the loop, which means they'll always be the last value that they were set to. Also, the loop won't loop because you've not reset the row pointer.

I'd set a string listing the details of the products when you actually select the orders from the products DB (br_products presumably) then output that string in the email message.
Old 01-08-2006, 10:22   #5 (permalink)
30equals
Senior Member
 
Join Date: Jan 2006
Posts: 146
thanx for your reply, but i got it working 100% now.

i removed the first loop.
that caused it to override the variables.

and i adapted my query so i get all the items, not just one..

so this is my working code.

PHP Code:
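<?php
    // Final checkout step: stores the customer and the order, copies the temporary
    // cart rows into the order details, mails a confirmation that lists the ordered
    // items and prints the order number.
    //
    // NOTE(review): no database connection is opened in this listing; it is
    // presumably set up elsewhere. mysql_real_escape_string() needs that link to
    // be open before it is called.
    session_start();

    // Every field below is re-submitted by the browser on this request, so checks
    // done on an earlier checkout step do not protect the values used here.
    $fields = array(
        'shippingmethod', 'paymentmethod',
        'firstname', 'lastname', 'add1', 'add2', 'city', 'state', 'zip', 'country', 'email',
        'shipfirst', 'shiplast', 'shipadd1', 'shipadd2', 'shipcity', 'shipstate', 'shipzip',
        'shipcountry', 'shipemail',
        'total',
    );

    $raw  = array(); // values as submitted
    $sql  = array(); // escaped for use inside quoted SQL string literals
    $html = array(); // escaped for the text/html mail body
    foreach ($fields as $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        if (get_magic_quotes_gpc()) {
            // Undo automatic slashes so the value is not escaped twice below.
            $value = stripslashes($value);
        }
        $raw[$field]  = $value;
        $sql[$field]  = mysql_real_escape_string($value);
        $html[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }

    // The address is placed in the To: header of mail(). Accept only a single
    // syntactically valid address so the value cannot add recipients or header lines.
    if (filter_var($raw['email'], FILTER_VALIDATE_EMAIL) === false) {
        die('invalid email address');
    }

    // NOTE(review): the order total is taken from the submitted form and is stored
    // and mailed as-is. Recompute it on the server from the cart rows and the
    // product prices (the price column is not shown in this listing).

    $sessid = mysql_real_escape_string(session_id());
    $today  = date("Y-m-d");

    // NOTE(review): die(mysql_error()) shows database error text to the visitor;
    // on a live site log the error and show a generic message instead.
    $query = "SELECT * FROM br_customers WHERE
            (firstname = '{$sql['firstname']}' AND lastname = '{$sql['lastname']}'
             AND add1 = '{$sql['add1']}' AND add2 = '{$sql['add2']}'
             AND city = '{$sql['city']}' AND country = '{$sql['country']}')";
    $result = mysql_query($query) or die(mysql_error());
    $rows = mysql_num_rows($result);

    $custid = 0;
    if ($rows < 1) {
        $query2 = "INSERT INTO br_customers (firstname, lastname, add1, add2, city, state, zip, country, email)
            VALUES (
            '{$sql['firstname']}',
            '{$sql['lastname']}',
            '{$sql['add1']}',
            '{$sql['add2']}',
            '{$sql['city']}',
            '{$sql['state']}',
            '{$sql['zip']}',
            '{$sql['country']}',
            '{$sql['email']}')";
        $insert = mysql_query($query2) or die(mysql_error());
        $custid = mysql_insert_id();
    }

    // NOTE(review): when a matching customer already exists, no id is read back
    // from $result, so custnum is stored empty, as in the original. Fetch the key
    // column of br_customers here; its name is not shown in this listing.
    $custnum = '';
    if ($custid) {
        $custnum = $custid;
    }

    // NOTE(review): $shipping is never assigned anywhere in the posted script, so
    // an empty value is stored; made explicit here.
    $shipping = '';

    $query3 = "INSERT INTO br_ordermain (orderdate, custnum, subtotal, shipping, shipfirst, shiplast, shipadd1,
                 shipadd2, shipcity, shipstate, shipzip, shipcountry, shipemail, shippingmethod, paymentmethod)
                VALUES (
                '$today',
                '$custnum',
                '{$sql['total']}',
                '$shipping',
                '{$sql['shipfirst']}',
                '{$sql['shiplast']}',
                '{$sql['shipadd1']}',
                '{$sql['shipadd2']}',
                '{$sql['shipcity']}',
                '{$sql['shipstate']}',
                '{$sql['shipzip']}',
                '{$sql['shipcountry']}',
                '{$sql['shipemail']}',
                '{$sql['shippingmethod']}',
                '{$sql['paymentmethod']}')";
    $insert2 = mysql_query($query3) or die(mysql_error());
    $orderid = mysql_insert_id();

    // The original wrote "or (mysql_error())" on the next three queries, which
    // discards the error; stop on failure like the queries above.
    $query = "SELECT * FROM br_carttemp WHERE sess='$sessid'";
    $result = mysql_query($query) or die(mysql_error());

    while ($row = mysql_fetch_array($result)) {
        // Read only the two columns that are needed. extract($row) would overwrite
        // any script variable that shares a name with a cart column. The column
        // names are the ones the original extract() call relied on.
        // Values read back from the database are escaped too before reuse in SQL.
        $query4 = "INSERT INTO br_orderdet (ordernum, qty, prodnum)
            VALUES (
            '$orderid',
            '" . mysql_real_escape_string($row['quan']) . "',
            '" . mysql_real_escape_string($row['prodnum']) . "')";
        $insert3 = mysql_query($query4) or die(mysql_error());
    }

    // One row per cart item, joined with its product record. mysql_query() buffers
    // the whole result, so the rows stay readable after the cart is emptied below.
    $query5 = "SELECT * FROM br_products left join br_carttemp on   br_carttemp.prodnum = br_products.prodnum WHERE sess='$sessid'  ";
    $result5 = mysql_query($query5) or die(mysql_error());

    //delete from temp table
    $query = "DELETE FROM br_carttemp WHERE sess='$sessid'";
    $delete = mysql_query($query);

    //email confirmations to us and the customer
    /*recipients */
    $to = "<" . $raw['email'] . ">";
    $bcc = "<order@mydomain.com>"; //example mail address for the forum

    //subject
    $subject = "order confirmation";
    $subjectbcc = "new order received ";

    /*message*/
    // The body is sent as text/html, so every submitted or stored value is
    // HTML-escaped before it is appended.
    $message  = "Thank you for shopping at . Your order was received on &nbsp;" . $today . "<br>";
    $message .= "It will be processed as soon as possible<br>";
    $message .= "We'll check if all items are still in stock and let you know the total with postage<br>";
    $message .= "-------------------------------------------------------------------------------------<br>";
    $message .= "-------------------------------------------------------------------------------------<br>";
    $message .= "order number:&nbsp;" . $orderid . "<br>";
    $message .= "items:<br>";
    // The posted loop appended $name.$title.$quan, which are never taken from
    // $row, so every line repeated the same values. Read the columns of the
    // current row instead: name and title from br_products, quan from br_carttemp.
    while ($row = mysql_fetch_array($result5)) {
        $line = $row['name'] . ' ' . $row['title'] . ' ' . $row['quan'];
        $message .= htmlspecialchars($line, ENT_QUOTES, 'UTF-8') . "<br>";
    }
    $message .= "total of your purchases without postage:&nbsp;" . $html['total'];
    $message .= "<br><br>";
    $message .= "Your info:<br>";
    $message .= $html['firstname'] . "&nbsp;" . $html['lastname'] . "<br>";
    $message .= $html['add1'] . "<br>";
    if (!empty($raw['add2'])) {
        $message .= $html['add2'] . "<br>";
    }
    $message .= $html['zip'] . "&nbsp;" . $html['city'] . "<br>";
    if (!empty($raw['state'])) {
        $message .= $html['state'] . "<br>";
    }
    $message .= $html['country'] . "<br><br>";
    $message .= "you've chosen to ship&nbsp;" . $html['shippingmethod']
              . "&nbsp;and to pay with&nbsp;" . $html['paymentmethod'];

    /*headers*/
    $headers  = "MIME-VERSION: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=utf-8\r\n";
    $headers .= "From: <order@mydomain.com>\r\n";

    /*mail it*/
    mail($to, $subject, $message, $headers);
    mail($bcc, $subjectbcc, $message, $headers);

    //show them their order & give them an order number
?>


<b>Thank you for your order!</b><br>
<br>orderdate: <?php echo $today; ?><br>
your ordernr. is <?php echo $orderid; ?>
<br>
<br>
you will get a order confirmation email <br>
(if you do not receive this, please contact us)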
Old 01-08-2006, 10:48   #6 (permalink)
sjd
Registered Abuser
 
 
Join Date: Jun 2006
Location: Manchester, England.
Posts: 174
Cool.

Now escape the submitted form data to prevent sql injection.

http://us2.php.net/manual/en/functio...ape-string.php