
[RESOLVED] A bit of trouble with mailing

[code=php]if(isset($_POST[submit])){
if(isset($_POST['username'])){
$username = $_POST['username'];
$password = mysql_query("SELECT Password FROM users WHERE '$username'; = Username");
$to = mysql_query("SELECT Email FROM users WHERE '$username'; = Username");
} elseif(isset($_POST['email'])){
$to = $_POST['email'];
$password = mysql_query("SELECT Password FROM users WHERE '$to'; = Email");
$username = mysql_query("SELECT Username FROM users WHERE '$to'; = Email");
} else {
echo "<div style='color: red;'>Please put something.</div>";
}

$subject = "Your Railsexy Password";

$message = "Hey, ". $username .".

You asked for a new password on the railsexy.com gallery, and so we gave you one. If you dont want it, or if you are not ". $username .", all you will have to do is nothing.

Otherwise, your password is ". $password .". Oh and please dont respond to this.";

if (@mail($to, $subject, $message)) {
echo('<p>Mail sent successfully.</p>');
} else {
echo('<p>Mail could not be sent.</p>');
}
}[/code]

As featured here [url]http://www.railsexy.com/newsite/?p=3[/url].

Any thoughts?

PHP

5 Comments(s)

@NogDog Oct 19.2010 — mysql_query() does not return a string, it returns a query resource which must then be used via a mysql_fetch_*() or mysql_result() function to get the results (if there were any).

Additionally, you should be able to get all the database info via a single query, which would be more efficient than a separate query for each field. Also, you need to "sanitize" any user-supplied data before using it in your query -- see mysql_real_escape_string().
@Not_to_mention (author) Oct 23.2010 — Would this sanitation thing be done when the user registers or when they ask for a new password?
@Walfried Oct 23.2010 — When I wrote:

line 31 ini_set("SMTP","smtpmail.t-online.de");

line 32 imap_open("smtpmail.t-online.de","Walfried.kroemker");

line 33 mail($an, $betreff, $msg,'From:'.$email);

I get the answer:

Wrong parameter count for imap_open() in line 32

Warning: mail SMTP server responce: 5305.7.0 Authentification required

What do I have to do? Help me please!
@NogDog Oct 23.2010 — [QUOTE]Would this sanitation thing be done when the user registers or when they ask for a new password?[/QUOTE]

Any time you use externally supplied data in a database query, it needs to be "sanitized" in order to prevent accidental or malicious SQL injection errors.
@Not_to_mention (author) Oct 24.2010 — [code=php]if(isset($_POST[submit])){
if(isset($_POST['username'])){
$username = $_POST['username'];
$password = mysql_query("SELECT Password FROM users WHERE '$username'; = Username");
$to = mysql_query("SELECT Email FROM users WHERE '$username'; = Username");
} elseif(isset($_POST['email'])){
$to = $_POST['email'];
$password = mysql_query("SELECT Password FROM users WHERE '$to'; = Email");
$username = mysql_query("SELECT Username FROM users WHERE '$to'; = Email");
} else {
echo "<div style='color: red;'>Please put something.</div>";
}
$password = mysql_fetch_row(mysql_real_escape_string($password));
$username = mysql_fetch_row(mysql_real_escape_string($username));
$subject = "Your Railsexy Password";

$message = "Hey, ". $username .".

You asked for a new password on the railsexy.com gallery, and so we gave you one. If you dont want it, or if you are not ". $username .", all you will have to do is nothing.

Otherwise, your password is ". $password .". Oh and please dont respond to this.";

if (@mail($to, $subject, $message)) {

echo('<p>Mail sent successfully.</p>');

} else {

echo('<p>Mail could not be sent.</p>');

}

}[/code]


That doesn't seem to work either, because it says:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/roadwolf/public_html/railsexy/newsite/pages/forgot.php on line 14

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/roadwolf/public_html/railsexy/newsite/pages/forgot.php on line 15.

This is all very familiar to me, can someone jog my memory? I almost know I'm missing a step.
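
The order of steps NogDog describes (treat the user's value as data, run one query, then fetch the row from the returned handle), which the last post still has reversed, as an added example that is not code from the thread. It swaps the thread's mysql_* calls for PDO prepared statements over an in-memory SQLite table so it runs without a server; `find_account()` and the sample rows are hypothetical, and the table and column names are taken from the thread's queries.

```php
<?php
// Added example, not the thread's code. PDO + in-memory SQLite stand in for
// the mysql_* calls; table and column names follow the thread's queries.

// Constructed sample data so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (Username TEXT, Email TEXT, Password TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.test', 'constructed-1')");
$db->exec("INSERT INTO users VALUES ('o''brien', 'obrien@example.test', 'constructed-2')");

/**
 * Look up one account by username or e-mail (hypothetical helper).
 * Returns ['Username' => ..., 'Email' => ..., 'Password' => ...] or null.
 */
function find_account(PDO $db, array $post)
{
    // The column name comes from this fixed map, never from the request.
    $columns = array('username' => 'Username', 'email' => 'Email');
    foreach ($columns as $field => $column) {
        if (isset($post[$field]) && is_string($post[$field]) && $post[$field] !== '') {
            // One query for all three fields; the user value is bound, not
            // concatenated, so a quote in it cannot change the SQL.
            $stmt = $db->prepare(
                "SELECT Username, Email, Password FROM users WHERE $column = ? LIMIT 1"
            );
            $stmt->execute(array($post[$field]));
            // $stmt is a statement handle, not the data: fetch() reads the row.
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            return $row === false ? null : $row;
        }
    }
    return null; // neither field was submitted
}

$tests = array(
    array('username' => 'alice'),
    array('email' => 'alice@example.test'),
    array('username' => "o'brien"),   // apostrophe is matched as data
    array('username' => 'nobody'),    // no such account
);
foreach ($tests as $post) {
    $row = find_account($db, $post);
    echo json_encode($post), ' => ',
        $row === null ? 'no account' : $row['Username'] . ' <' . $row['Email'] . '>', "\n";
}
```

Against a MySQL server only the PDO connection string changes; the lookup function stays the same.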