On Monday 13 October 2003 08:43 pm, Justin Kozuch wrote:
Hi All,
I have created the beginnings of an RSVP script so that people can
confirm/decline an invitation I send via email.
When they go to the RSVP script, (www.site.com/rsvp.php), they enter their
email address in the textfield (called email). The email entered is
validated against the email address in the database. If the validation
fails, then it says "The email address was not found in the database.
Please check the email address and try again."
If validation is successful, the user is given the option to confirm or
decline the invitation. This is done via a text link.
What I would like to do is this:
One link (<a href=confirm.php>confirm</a>) insert the word "confirmed" in
the option field in the database, the other link (<a
href=decline.php>confirm</a>) inserts the word "declined" in the option
field in the database. I am using PHP to do this. Has anyone done this
before? It seems simple, however, I can't quite get my head around it.
Any help would be greatly appreciated.
I would create a single page, rsvp.php, that both produces a form for the
purpose and processes the input of the form it creates. Instead of doing
this with two steps (input address then accept or decline), I'd combine
these into a single form. Build the form with a single inputbox for the
email address, and three buttons:
1. Accept
2. Decline
3. Cancel
All three buttons submit. This avoids needing cookies or session handling
for what is really a simple one step task. Another benefit is that you can
put two links in your email, like so:
----- EXAMPLE -----
Please come to my brthday party! You can RSVP right here:
<a href="http://www.example1.com
rs************************@example2.com&rsvp=accep t">ACCEPT</a>
<a href="http://www.example1.com
rs************************@example2.com&rsvp=decli ne">DECLINE</a>
Hope to see you there!
----- EXAMPLE -----
Now, the neat thing is that you can handle everything with an SQL update
statement:
First, do your security checks. Check $_REQUEST["rsvp"] to be sure that it
is either accept or decliine, nothing else. Then check
$_REQUEST["recipient"] to be sure that it looks like an email address, is
acceptable in length and free of SQL injection code. (Part of this process
will be to "untaint" both recipient and rsvp into server-generated
variables. Let's call them $clean["rsvp"] and $clean["recipient"] to make
life easy.)
Now you can use some php that looks like this:
$query = "UPDATE Invitation_List SET rsvp = '" . $clean["rsvp"] . "' WHERE
recipient = '" . $clean["recipient"] . "'";
$result = mysql_query($query);
$affected = mysql_affected_rows( $result );
switch( $affected ) {
case 1:
echo "Thanks for the RSVP.";
break;
case 0:
echo "You've already let us know.";
break;
case -1:
echo "we were unable to locate your email address";
break;
default:
echo "should only get here if there are 2 invites to the ";
echo "same email address.";
}
Good luck. Hope this helps.
--
Don Faulkner, KB5WPM |
(This space | "All that is gold does not glitter."
unintentionally | "Not all those who wander are lost."
left blank) | -- J.R.R. Tolkien