Hello,
I have a script that partially works. The function of the script is to email the user and insert to a table from text input using $POST_ and check boxes of items using array. My problem is, the script will send all of the “check box chosen” array variable values to the email (like I want), yet only the $POST
Since the user may choose many check boxes at a time, it sends 1 email per row, I may ask for help with a “loop” and “delete” function later, but I’ll try to figure it out later. I don’t want to be a burden.
Also, I do know this code has inject problems, but I would like to get the insert working (and delete from other table later) first.
Any help you can give is greatly appreciated. I have beat my head against a wall for over a week now!
[CODE]function insert_wire() {
$checkbox=$_POST[‘checkbox’];
for($i=0;$i<count($checkbox);$i++){
$del_id = $checkbox[$i];
$differencetolocaltime=2; // Local server time offset in hours
$new_U=date(“U”)-$differencetolocaltime*1810; // + to add, – to subtract
$time = date(“l F d Y @ g:i a”, $new_U);
$job_name = $_POST[‘job_name’];
$job_email = $_POST[‘job_email’];
$p_o_number = $_POST[‘p_o_number’];
$size = $row[‘size’];
$conductor = $row[‘conductor’];
$insulation = $row[‘insulation’];
$length = $row[‘length’];
// Strip r and n from the email address
$job_name = stripslashes($job_name);
$job_name = preg_replace(“/r/”, “”, $job_name);
$job_name = preg_replace(“/n/”, “”, $job_name);
// Remove injected headers
$find = array(“/bcc:/i”,”/Content-Type:/i”,”/cc:/i”,”/to:/i”);
$job_name = preg_replace($find, “**bogus header removed**”, $job_name);
//$location = preg_replace($find, “**bogus header removed**”, $location);
$headers .= “From: ” . $_POST[“job_email”];
$headers .= “MIME-Version: 1.0rn”;
$headers .= “Content-Type: text/html; charset=ISO-8859-1rn”;
$ip = $_SERVER[“REMOTE_ADDR”];
$host = gethostbyaddr($ip);
$subject = $_POST[“job_name”] . “nWire Addition”; // your website or chosen Subject
$site = “http://www.mysite.com”; // submitted from
// multiple recipients
$to = ‘[email protected]’ . ‘, ‘; // note the comma
$to .= $_POST[“job_email”];
$message = ‘<html><body>’;
$message .= ‘<img src=”http://www.mysite.com/logo.jpg” alt=”logo” />’;
$message .= ‘<table rules=”all” style=”border-color: #000;” border=”2″ cellpadding=”2″ width=”500″>’;
$message .= “<tr><td colspan=’2′><strong> Job Name:</strong> </td><td colspan=’3′>” . $_POST[‘job_name’] . “</td></tr>”;
$message .= “<tr><td colspan=’2′><strong>Email:</strong> </td><td colspan=’3′>” . $_POST[‘job_email’] . “</td></tr>”;
$message .= “<tr><td colspan=’2′><strong>PO#:</strong> </td><td colspan=’3′>” . $_POST[‘p_o_number’] . “</td></tr>”;
$message .= “<tr><td colspan=’2′><strong>Time of Order:</strong> </td><td colspan=’3′>” . $time . “</td></tr>”;
$message .= “<tr>”;
$message .= “<td><strong>ID</strong></td>”;
$message .= “<td><strong>Size</strong></td>”;
$message .= “<td><strong>Conductor</strong></td>”;
$message .= “<td><strong>Insulation</strong></td>”;
$message .= “<td><strong>Length</strong></td>”;
$message .= “</tr>”;
$query=”SELECT * FROM unclaimed WHERE id=’$del_id'”;
$result=mysql_query($query) or die(mysql_error());
$sno=1;
while($row=mysql_fetch_array($result, MYSQL_ASSOC)){
$message .= “<tr>”;
$message .= “<td>” . $row[‘id’] . “</td>”;
$message .= “<td>” . $row[‘size’] . “</td>”;
$message .= “<td>” . $row[‘conductor’] . “</td>”;
$message .= “<td>” . $row[‘insulation’] . “</td>”;
$message .= “<td>” . $row[‘length’] . “</td>”;
$message .= “</tr>”;
$sno=$sno+1;
}
$message .= “</table>”;
$message .= “</body></html>”;
$message2 = “Submitted from: ” . $site . “nHost: ” . $host . “nIP: ” . $ip . “nTime: ” . $time . “nnJob Name: ” . $job_name . “nnEmail: ” . $job_email . “nnPO Number: ” . $p_o_number;
if ($job_name && $job_email && $p_o_number) {
if (mail($to, $subject, $message, $headers)) {
$sql2=”select * from unclaimed where id=’$del_id'”;
$result2=mysql_query($sql2) or die(“select fails”);
$no=mysql_num_rows($result2);
}
}
if ($no > 0) {
$sql = “insert INTO claimed (id,size,conductor,insulation,length,time,job_name,job_email,p_o_number) SELECT NULL,’$size’,’$conductor’,’$insulation’,’$length’,now(),’$job_name’,’$job_email’,’$p_o_number’ FROM unclaimed WHERE id=’$del_id'”;
$result = mysql_query($sql) or die(“insert fails”);
echo “<br /><h1>Wire Added</h1>”;
} else {
echo “<br /><h1>This wire has already been added.</h1>”;
}
}
}
echo mysql_error();
?>