mail() and MySQL - Send form to mail & SQL database

Discussion in 'PHP' started by HeritageSam, Aug 7, 2009.

0
  1. #1
    Hi, i've been trying to make a ticket system that inserts a form's results into a database and emails the results to me. I have been able to build the form to insert the informaton to the database, OR to send me the email, but whenever I try to do both, it stops working after the first try (which is successful). Below is the code I have tried on the form:

    <?php require_once('Connections/Ticket.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO ticket (name, subject, message, priority, email) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['comments'], "text"),
                       GetSQLValueString($_POST['comments'], "text"),
                       GetSQLValueString($_POST['visited'], "text"),
                       GetSQLValueString($_POST['email'], "text"));

  mysql_select_db($database_Ticket, $Ticket);
  $Result1 = mysql_query($insertSQL, $Ticket) or die(mysql_error());
}

if (array_key_exists('send', $_POST)) {
  //mail processing script
  // remove escape characters from POST array
  if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value) {
      $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
      return $value;
      }
    $_POST = array_map('stripslashes_deep', $_POST);
    }
  
  $to = 'sam@heritageitservices.co.uk'; // use your own email address
  $subject = 'Ticket Posted on Adfirmo Group';
  
  // list expected fields
  $expected = array('name', 'email', 'comments', 'visited', 'subscribe');
  // set required fields
  $required = array('name', 'comments', 'visited');
  // create empty array for any missing fields
  $missing = array();
  
  // assume that there is nothing suspect
  $suspect = false;
  // create a pattern to locate suspect phrases
  $pattern = '/Content-Type:|Bcc:|Cc:/i';
  
  // function to check for suspect phrases
  function isSuspect($val, $pattern, &$suspect) {
    // if the variable is an array, loop through each element
	// and pass it recursively back to the same function
	if (is_array($val)) {
      foreach ($val as $item) {
	    isSuspect($item, $pattern, $suspect);
	    }
	  }
    else {
      // if one of the suspect phrases is found, set Boolean to true
	  if (preg_match($pattern, $val)) {
        $suspect = true;
	    }
	  }
    }

  // check the $_POST array and any subarrays for suspect content
  isSuspect($_POST, $pattern, $suspect);
  
  if ($suspect) {
    $mailSent = false;
	unset($missing);
	}
  else {
    // process the $_POST variables
    foreach ($_POST as $key => $value) {
      // assign to temporary variable and strip whitespace if not an array
      $temp = is_array($value) ? $value : trim($value);
      // if empty and required, add to $missing array
      if (empty($temp) && in_array($key, $required)) {
        array_push($missing, $key);
        }
      // otherwise, assign to a variable of the same name as $key
      elseif (in_array($key, $expected)) {
        ${$key} = $temp;
        }
      }  
    }
	
  // validate the email address
  if (!empty($email)) {
    // regex to identify illegal characters in email address
    $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
	// reject the email address if it deosn't match
	if (!preg_match($checkEmail, $email)) {
	  $suspect = true;
	  $mailSent = false;
	  unset($missing);
	  }
	}
  
  // go ahead only if not suspsect and all required fields OK
  if (!$suspect && empty($missing)) {
    // set default values for variables that might not exist
	$interests = isset($interests) ? $interests : array('None selected');
	
    // build the message
    $message = "Name: $name\n\n";
    $message .= "Email: $email\n\n";
    $message .= "Ticket: $comments\n\n";
	$message .= "Priority: $visited\n\n";
	$message .= "Callback: $subscribe";

    // limit line length to 70 characters
    $message = wordwrap($message, 70);

    // create additional headers
	$headers = 'From: Ticket - Adfirmo Group<info@adfirmogroup.heritageitsupport.com>';
	if (!empty($email)) {
	  $headers .= "\r\nReply-To: $email";
	  }
	
    // send it  
    $mailSent = mail($to, $subject, $message, $headers);
	  if ($mailSent) {
      // $missing is no longer needed if the email is sent, so unset it
      unset($missing);
      }
	}
  }
?>
    Code (markup):
    Many Thanks,
    Sam T
     
    HeritageSam, Aug 7, 2009 IP