Help with email script

adammc

Hi Folks,

I am trying to write a script that emails a newsletter to the members in my database.

I have it sending the email however it is not printing the name field in the email when sent.

I even tried setting the name variable like so $name = $r1["name"];

Here is the code I am using:

<?

include("../../config.php");
include("../db-connect.php");


if(isset($submit))
{
	if(empty($validated))
	{
	echo "<center><br><br><br> Error.<br> Go <a class=TN href=mail.php> back</a> and make your choice. </center>";
	exit;
	}
	if(empty($message))
	{
	echo "<center><br><br><br> You are trying to send blank email. <br> Go <a class=TN href=mail.php> back</a> and write some text. </center>";
	exit;
	}

 if($_POST[validated] == 'yes')
 {
$q1 = "select email, name from newsletter WHERE validated='yes' ";
$r1 = mysql_query($q1) or die(mysql_error());
    $name = $r1["name"];
 }


 elseif($_POST[validated] == 'no')
 {
$q1 = "select email, name from newsletter WHERE validated='no' ";
$r1 = mysql_query($q1) or die(mysql_error());
$name = $r1["name"];

 }



while($a1 = mysql_fetch_array($r1))
{

$message = " Dear $name \n\n\n $message";
	$from = "From: info@kimberleys.net.au";
	mail($a1[0], $subject, $message, $from); 


}
echo "<center><br><br><br>The mail was sent successfully. </center>";
unset($validated);
exit;
}
?>

Any help would be GREATLY appreciated.

Houdini

This should work

$q1= "SELECT email,name FROM newsletter WHERE validated = 'yes'";
$r1= mysql_query($q1);
$row= mysql_fetch_array($r1,MYSQL_ASSOC);
$email=$row['email'];
echo $email;

adammc

Thanks for the advice 🙂

I decided to go with something like this:

<? 

include("../../config.php"); 
include("../db-connect.php"); 


if(isset($submit)) 
{ 
if(empty($validated)) 
{ 
echo "<center><br><br><br> Error.<br> Go <a class=TN href=mail.php> back</a> and make your choice. </center>"; 
exit; 
} 
if(empty($message)) 
{ 
echo "<center><br><br><br> You are trying to send blank email. <br> Go <a class=TN href=mail.php> back</a> and write some text. </center>"; 
exit; 
} 

if($_POST[validated] == 'yes') 
{ 
$q1 = "select email, name from newsletter WHERE validated='yes' "; 
$r1 = mysql_query($q1) or die(mysql_error()); 
$name = $r1["name"]; 
} 


elseif($_POST[validated] == 'no') 
{ 
$q1 = "select email, name from newsletter WHERE validated='no' "; 
$r1 = mysql_query($q1) or die(mysql_error()); 
$name = $r1["name"]; 

} 



while($a1 = mysql_fetch_array($r1)) 
{ 
$name = $a1["name"]; 
$message = " Dear $name \n\n\n $message"; 
$from = "From: info@kimberleys.net.au"; 
mail($a1[0], $subject, $message, $from); 

} 
echo "<center><br><br><br>The mail was sent successfully. </center>"; 
unset($validated); 
exit; 
} 
?>

It is working however I am a bit concerned about security.
The script will be installed in a protected directory, do I need to add any code snippets to make it more secure?

Also, am I going to see problems like timeouts if i try and email 100's of members using this script?

laserlight

You need to be more careful with your checking of incoming variables and quoting of array indices. Also, where does $subject come from?

<?php

include "../../config.php";
include "../db-connect.php";

if (isset($_POST['submit']))
{
	if (empty($_POST['validated'])
		|| !($_POST['validated'] == 'yes' || $_POST['validated'] == 'no'))
	{
		echo "<center><br><br><br> Error.<br> Go <a class=TN href=mail.php> back</a> and make your choice. </center>";
		exit;
	}
	if (empty($_POST['message']))
	{
		echo "<center><br><br><br> You are trying to send blank email. <br> Go <a class=TN href=mail.php> back</a> and write some text. </center>";
		exit;
	}

$query = "SELECT email, name FROM newsletter WHERE validated='{$_POST['validated']}'";
$result = mysql_query($query)
	OR die(mysql_error());

while ($row = mysql_fetch_assoc($result))
{
	$message = " Dear " . $row['name'] . " \n\n\n " . $_POST['message'];
	$from = "From: info@kimberleys.net.au";
	// where does $subject come from?
	mail($row['email'], $subject, $message, $from);
}
echo "<center><br><br><br>The mail was sent successfully. </center>";
exit;
}
?>

adammc

Hi,
thanks for the reply 🙂

subject and message come from the email form code found below the code I posted.

adammc

I am trying to get rid of the /'s that appear when using punctuation in the email by using 'stripslashes'...

But I cant work out the correct format to use here:


 while ($row = mysql_fetch_assoc($result)) 
    { 

    $message = " Dear " . $row['name'] . " \n\n" . $_POST['message']; 
    $from = "From: info@kimberleys.net.au"; 
    // where does $subject come from? 
    mail($row['email'], $subject, $message, $from); 
}

Any help would be greatly appreciated.