Function passing variables to email & insert, email works, insert only partial works

Hello,

I have a script that partially works. The function of the script is to email the user and insert to a table from text input using $POST_ and check boxes of items using array. My problem is, the script will send all of the “check box chosen” array variable values to the email (like I want), yet only the $POST_ variables will insert to the table. I cannot get the “check box chosen” array variable values to INSERT, only the form $POST.

Since the user may choose many check boxes at a time, it sends 1 email per row, I may ask for help with a “loop” and “delete” function later, but I’ll try to figure it out later. I don’t want to be a burden.

Also, I do know this code has inject problems, but I would like to get the insert working (and delete from other table later) first.

Any help you can give is greatly appreciated. I have beat my head against a wall for over a week now!

[CODE]function insert_wire() {

$checkbox=$_POST[‘checkbox’];

for($i=0;$i<count($checkbox);$i++){
$del_id = $checkbox[$i];

$differencetolocaltime=2; // Local server time offset in hours
$new_U=date(“U”)-$differencetolocaltime*1810; // + to add, – to subtract
$time = date(“l F d Y @ g:i a”, $new_U);
$job_name = $_POST[‘job_name’];

$job_email = $_POST[‘job_email’];

$p_o_number = $_POST[‘p_o_number’];

$size = $row[‘size’];

$conductor = $row[‘conductor’];

$insulation = $row[‘insulation’];

$length = $row[‘length’];

// Strip r and n from the email address

$job_name = stripslashes($job_name);

$job_name = preg_replace(“/r/”, “”, $job_name);

$job_name = preg_replace(“/n/”, “”, $job_name);

// Remove injected headers

$find = array(“/bcc:/i”,”/Content-Type:/i”,”/cc:/i”,”/to:/i”);

$job_name = preg_replace($find, “**bogus header removed**”, $job_name);

//$location = preg_replace($find, “**bogus header removed**”, $location);

$headers .= “From: ” . $_POST[“job_email”];
$headers .= “MIME-Version: 1.0rn”;
$headers .= “Content-Type: text/html; charset=ISO-8859-1rn”;

$ip = $_SERVER[“REMOTE_ADDR”];

$host = gethostbyaddr($ip);

$subject = $_POST[“job_name”] . “nWire Addition”; // your website or chosen Subject

$site = “http://www.mysite.com”; // submitted from

// multiple recipients
$to = ‘[email protected]’ . ‘, ‘; // note the comma
$to .= $_POST[“job_email”];

$message = ‘<html><body>’;
$message .= ‘<img src=”http://www.mysite.com/logo.jpg” alt=”logo” />’;
$message .= ‘<table rules=”all” style=”border-color: #000;” border=”2″ cellpadding=”2″ width=”500″>’;
$message .= “<tr><td colspan=’2′><strong> Job Name:</strong> </td><td colspan=’3′>” . $_POST[‘job_name’] . “</td></tr>”;
$message .= “<tr><td colspan=’2′><strong>Email:</strong> </td><td colspan=’3′>” . $_POST[‘job_email’] . “</td></tr>”;
$message .= “<tr><td colspan=’2′><strong>PO#:</strong> </td><td colspan=’3′>” . $_POST[‘p_o_number’] . “</td></tr>”;
$message .= “<tr><td colspan=’2′><strong>Time of Order:</strong> </td><td colspan=’3′>” . $time . “</td></tr>”;

$message .= “<tr>”;
$message .= “<td><strong>ID</strong></td>”;
$message .= “<td><strong>Size</strong></td>”;
$message .= “<td><strong>Conductor</strong></td>”;
$message .= “<td><strong>Insulation</strong></td>”;
$message .= “<td><strong>Length</strong></td>”;
$message .= “</tr>”;
$query=”SELECT * FROM unclaimed WHERE id=’$del_id'”;
$result=mysql_query($query) or die(mysql_error());
$sno=1;
while($row=mysql_fetch_array($result, MYSQL_ASSOC)){
$message .= “<tr>”;
$message .= “<td>” . $row[‘id’] . “</td>”;
$message .= “<td>” . $row[‘size’] . “</td>”;
$message .= “<td>” . $row[‘conductor’] . “</td>”;
$message .= “<td>” . $row[‘insulation’] . “</td>”;
$message .= “<td>” . $row[‘length’] . “</td>”;
$message .= “</tr>”;

$sno=$sno+1;
}

$message .= “</table>”;
$message .= “</body></html>”;

$message2 = “Submitted from: ” . $site . “nHost: ” . $host . “nIP: ” . $ip . “nTime: ” . $time . “nnJob Name: ” . $job_name . “nnEmail: ” . $job_email . “nnPO Number: ” . $p_o_number;

if ($job_name && $job_email && $p_o_number) {

if (mail($to, $subject, $message, $headers)) {

$sql2=”select * from unclaimed where id=’$del_id'”;

$result2=mysql_query($sql2) or die(“select fails”);

$no=mysql_num_rows($result2);

}

}

if ($no > 0) {

$sql = “insert INTO claimed (id,size,conductor,insulation,length,time,job_name,job_email,p_o_number) SELECT NULL,’$size’,’$conductor’,’$insulation’,’$length’,now(),’$job_name’,’$job_email’,’$p_o_number’ FROM unclaimed WHERE id=’$del_id'”;

$result = mysql_query($sql) or die(“insert fails”);

echo “<br /><h1>Wire Added</h1>”;

} else {

echo “<br /><h1>This wire has already been added.</h1>”;

}
}
}
echo mysql_error();
?>[/CODE]

Also in #PHP _↴