Now I am simply annoyed
Here is Mail_Compose.php:
<?php
/*
Program Designation ......Mail_Compose.php
Program Specifications....This program is designed to take input from the user
and input it into the MySQL Database for viewing by
another user.
Program Author............Wamboldt, Founder, Ground Zero Studios
Program Security..........This program validates all input from the user and
removes html tags.
Program Version...........1.00
*/
?>
<?php
session_start();
****Connection details here****
if (@$_SESSION['auth'] != "yes") /* Checks if the user is logged in*/
{
    header("Location: login.php");
    exit();
}
$connection = mysql_connect($host,$user,$password)
    or die ("Unable to connect to server");
$db = mysql_select_db($database, $connection)
    or die ("Unable to select a MySQL database");
$date = date("Y-m-d h:m:s");
$sql = "SELECT FirstName,LastName,Password,Title FROM ClientData
        WHERE LoginName='{$_SESSION['logname']}'";
$result = mysql_query($sql)
    or die("Unable to execute dynamic query 1");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
extract($row);
$sql2 = "SELECT Discount,ServiceCount,CourseCount,Admin,Reviews FROM ClientData2
         WHERE LoginName='{$_SESSION['logname']}'";
$result2 = mysql_query($sql2)
    or die("Unable to execute dynamic query 2");
$row2 = mysql_fetch_array($result2,MYSQL_ASSOC);
extract($row2);
/*Begin Validate Mail Code */
switch (@$_GET['do'])
{
    case "validate":
        $_GET["do"];
        if ($do == "validate")
        {
            $sql3 = "SELECT LoginName FROM ClientData
                     WHERE LoginName='$_POST[to_user]'"; //Attempts to select the user the message is going to
            $result3 = mysql_query($sql3) //Executes query
                or die("Unable to execute the specified MySQL query 3");
            $num3 = mysql_num_rows($result3); //Sets the value of num to the amount of rows found in the above query
            if ($num3 == 0)
            {
                unset($_get['do']);
                $error = "Sorry, $to_user does not exist.";
                include("Mail_Compose_Form.html");
                exit();
            }
            elseif ($num3 != 0)
            {
                $do == "send";
                header("Location: Mail_Compose.php?do=send");
            }
        }
        /*End of Validate Mail Code */
        break; //START OF LOGIN REGISTRATION FORM
    case "send":
        /* Begin Send Mail Code */
        $_GET["do"];
        if ($do == "send") //Checks to see if the script has validated all data submitted
        {
            $to="$_POST[to_user]";
            $sql_send = "INSERT INTO Mail (Sender,Reciever,Subject,Body,Date,Opened)
                         VALUES ('{$_SESSION['logname']}','$to','$_POST[subject_input]','$_POST[body_text]','$date','n')";
            $result_send = mysql_query($sql_send);
            $error = "You message has been sent to $to_user successfully."; //This message will be displayed in Mail_Home
            header("Location: mail_home.php");
        }
        /*End of Send Mail Code */
        break;
    default:
        include("Mail_Compose_Form.html");
}
?>
Here is Mail_Compose_Form.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Ground Zero Studios; Imagination Technologies PM System</title>
<meta name="description" content="Affordable Web and Game design and programming">
<meta name="keywords" content="HTML, XHTML, CSS, JavaScript, PHP, Affordable, Web Design, Freelancers">
</head>
<body bgcolor="*0CCFF">
<?php include 'marquee.php'; //Includes the Marquee file?>
<?php include 'NavbarAlpha.php'; //Includes the Main Navagation bar ?>
<h2 align="center">Welcome
<?php echo " $Title $FirstName $LastName\n";//Displays the User's Title, First Name, and Last Name ?>
</h2>
<?php include 'ClientNavAlpha.php'; //Includes the Client Navagation Bar ?>
<table border="0">
<tr><td><?php echo "<font color=red><b>$error</b></font>"; ?></td></tr>
</table>
<table border="0">
<form action="Mail_Compose.php?do=validate" method="POST">
<tr><td>To:</td><td><input type="text" name="to_user" value="<?php echo @$to_user ?>" size="50" maxlegnth="40"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="subject_input" value="<?php echo @$subject_input ?>" size="50" maxlegnth="100"></td></tr></table>
<table><tr><td><textarea name="body_text" rows="20" cols="50"><?php echo @$body_text ?></textarea></td></tr>
<tr><td><input type="submit" align="center" value="Send"></td></tr>
</form>
</td>
</table>
</body>
</html>
Whenever I use my scripts, all that is inserted into the database is the sender, date, and opened variables. No spelling mistakes either. If I replace vars with predetermined text it works, but that is pointless. I want to know why this code doesn't work. Any help is greatly appreciated.
Well, you can't just have a ' inside of a string enclosed with '. What I mean is that you have:
query blah blah VALUES('$_POST['this']')
because the ['this'] is inside the VALUES('…')
just replace the VALUES('…')
with
VALUES("..")
Oh, lol, never mind, you don't even have the key in your $_POST array enclosed with quotes or apostrophes. You have $_POST[body_text]; well, you need $_POST['body_text'], and then do what I said above.
Understand?
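An added example, not part of either post above and not the original author's code: the browser follows the `Location: Mail_Compose.php?do=send` redirect with a GET request, so `$_POST` is empty by the time the `send` branch builds its INSERT. The sketch below checks the recipient and stores the message within the same POST request, and binds the form values as parameters instead of interpolating them into the SQL text. It assumes PDO, with an in-memory SQLite database standing in for the MySQL tables; `send_mail` is a hypothetical helper name and the sample rows are constructed.

```php
<?php
// Added example: hypothetical helper, not the thread author's code.
// Checks the recipient and stores the message within one POST request,
// using bound parameters instead of interpolating $_POST into SQL.
function send_mail(PDO $db, string $sender, array $post): string
{
    $to      = trim($post['to_user'] ?? '');
    $subject = trim($post['subject_input'] ?? '');
    $body    = $post['body_text'] ?? '';
    // Length limits mirror the 40 and 100 character limits on the form fields.
    if ($to === '' || $subject === '' || strlen($to) > 40 || strlen($subject) > 100) {
        return 'Recipient and subject are required.';
    }
    // Recipient lookup: the value travels as a parameter, never as SQL text.
    $check = $db->prepare('SELECT 1 FROM ClientData WHERE LoginName = ?');
    $check->execute([$to]);
    if ($check->fetchColumn() === false) {
        return 'Sorry, that user does not exist.';
    }
    // Insert in the same request, while $post still holds the form data.
    $insert = $db->prepare(
        'INSERT INTO Mail (Sender, Reciever, Subject, Body, Date, Opened)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $insert->execute([$sender, $to, $subject, $body, date('Y-m-d H:i:s'), 'n']);
    return 'Your message has been sent.';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ClientData (LoginName TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE Mail (Sender TEXT, Reciever TEXT, Subject TEXT,
                              Body TEXT, Date TEXT, Opened TEXT)');
$db->exec("INSERT INTO ClientData VALUES ('alice'), ('bob')");

// Constructed form submissions, shaped like $_POST; both contain apostrophes.
$ok  = ['to_user' => 'bob', 'subject_input' => "It's done", 'body_text' => "Bob's copy is ready"];
$bad = ['to_user' => "no'such'user", 'subject_input' => 'hi', 'body_text' => 'test'];

echo send_mail($db, 'alice', $ok), "\n";
echo send_mail($db, 'alice', $bad), "\n";
foreach ($db->query('SELECT Sender, Reciever, Subject, Body FROM Mail') as $row) {
    echo implode(' | ', [$row['Sender'], $row['Reciever'], $row['Subject'], $row['Body']]), "\n";
}
```

Values redisplayed in Mail_Compose_Form.html, such as `$to_user` and `$error`, should go through `htmlspecialchars()` before being echoed.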