How Do I Do This?

I noticed that Message-ID: <3x*******************@news20.bellglobal.com>
from Justin Kozuch contained the following:

One link (<a href=confirm.php>confirm</a>) insert the word "confirmed" in
the option field in the database, the other link (<a
href=decline.php>confirm</a>) inserts the word "declined" in the option
field in the database. I am using PHP to do this. Has anyone done this
before? It seems simple, however, I can't quite get my head around it.

You'll have to pass a variable (the row id or some other unique value)
to the pages so that they know which record to update.

--
Geoff Berrow
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

On Monday 13 October 2003 08:43 pm, Justin Kozuch wrote:

Hi All,

I have created the beginnings of an RSVP script so that people can
confirm/decline an invitation I send via email.

When they go to the RSVP script, (www.site.com/rsvp.php), they enter their
email address in the textfield (called email). The email entered is
validated against the email address in the database. If the validation
fails, then it says "The email address was not found in the database.
Please check the email address and try again."

If validation is successful, the user is given the option to confirm or
decline the invitation. This is done via a text link.

What I would like to do is this:

One link (<a href=confirm.php>confirm</a>) insert the word "confirmed" in
the option field in the database, the other link (<a
href=decline.php>confirm</a>) inserts the word "declined" in the option
field in the database. I am using PHP to do this. Has anyone done this
before? It seems simple, however, I can't quite get my head around it.

Any help would be greatly appreciated.

I would create a single page, rsvp.php, that both produces a form for the
purpose and processes the input of the form it creates. Instead of doing
this with two steps (input address then accept or decline), I'd combine
these into a single form. Build the form with a single inputbox for the
email address, and three buttons:
1. Accept
2. Decline
3. Cancel
All three buttons submit. This avoids needing cookies or session handling
for what is really a simple one step task. Another benefit is that you can
put two links in your email, like so:
----- EXAMPLE -----
Please come to my brthday party! You can RSVP right here:
<a href="http://www.example1.com
rs************************@example2.com&rsvp=accep t">ACCEPT</a>

<a href="http://www.example1.com
rs************************@example2.com&rsvp=decli ne">DECLINE</a>
Hope to see you there!
----- EXAMPLE -----

Now, the neat thing is that you can handle everything with an SQL update
statement:

First, do your security checks. Check $_REQUEST["rsvp"] to be sure that it
is either accept or decliine, nothing else. Then check
$_REQUEST["recipient"] to be sure that it looks like an email address, is
acceptable in length and free of SQL injection code. (Part of this process
will be to "untaint" both recipient and rsvp into server-generated
variables. Let's call them $clean["rsvp"] and $clean["recipient"] to make
life easy.)

Now you can use some php that looks like this:

$query = "UPDATE Invitation_List SET rsvp = '" . $clean["rsvp"] . "' WHERE
recipient = '" . $clean["recipient"] . "'";
$result = mysql_query($query);
$affected = mysql_affected_rows( $result );
switch( $affected ) {
case 1:
echo "Thanks for the RSVP.";
break;
case 0:
echo "You've already let us know.";
break;
case -1:
echo "we were unable to locate your email address";
break;
default:
echo "should only get here if there are 2 invites to the ";
echo "same email address.";
}

Good luck. Hope this helps.
--
Don Faulkner, KB5WPM |
(This space | "All that is gold does not glitter."
unintentionally | "Not all those who wander are lost."
left blank) | -- J.R.R. Tolkien

I noticed that Message-ID: <vo************@corp.supernews.com> from Don
Faulkner contained the following:

Please come to my brthday party! You can RSVP right here:
<a href="http://www.example1.com
rs************************@example2.com&rsvp=acce pt">ACCEPT</a>

As long as you have made sure that the email addresses in the database
are unique.
--
Geoff Berrow
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Its easier to set a url query parameter to send to the database, eg:
<a href=submit.php?type=confirm>confirm</a>
<a href=submit.php?type=decline>decline</a>

use $_GET(['type']) in submit.php to retrieve either "confirm" or "decline"
and then SQL "insert into" the database.

"Justin Kozuch" <ju************@SPAMsympatico.ca> wrote in message
news:3x*******************@news20.bellglobal.com.. .

Hi All,

I have created the beginnings of an RSVP script so that people can
confirm/decline an invitation I send via email.

When they go to the RSVP script, (www.site.com/rsvp.php), they enter their
email address in the textfield (called email). The email entered is
validated against the email address in the database. If the validation
fails, then it says "The email address was not found in the database. Please check the email address and try again."

If validation is successful, the user is given the option to confirm or
decline the invitation. This is done via a text link.

What I would like to do is this:

One link (<a href=confirm.php>confirm</a>) insert the word "confirmed" in
the option field in the database, the other link (<a
href=decline.php>confirm</a>) inserts the word "declined" in the option
field in the database. I am using PHP to do this. Has anyone done this
before? It seems simple, however, I can't quite get my head around it.

Any help would be greatly appreciated.

Thanks In Advance,

Justin Kozuch
Founder, Dreaming in TO
Netkeepers.ca - Proud to be a Hosting Sponsor for DreaminginTO.com
w: http://www.dreamingNOSPAMinto.com
e: ju****@dreamingNOSPAMinto.com

Well if i was trying to do this i would use the following code. (should
also be valid XHTML)
<!-- validate.php -->
<?php

/* if email address isnt set it will ask for it */
if (!isset($_REQUEST["emailAddress"])) {
echo '
<form method="post" action="./validate.php" />
Email Address :<br /><input type="text" name="emailAddress" /><br />
<input type="submit" value="Validate me" />
</form>
';
exit;
}

/* if email address is set and not empty then it checks the DB */
if (isset($_REQUEST["emailAddress"]) && !empty($_REQUEST["emailAddress"])) {

/* Mysql database connection script here */
$connect = mysql_connect('SERVER','USER','PASSWORD');
$db = mysql_select_db('DB');

/* checking for record count with that email in that has no status */
$check = mysql_query("select email_field from emails where email_field =
'$_REQUEST[emailAddress]' where status_field = ''");
$num = mysql_num_rows($check);
if ($num >= 1) {
echo '
If you wish to accept the invitation click <b>"i accept"</b> if not
click <b>"i decline"</b> and your address will be removed from our
database.<br /><br />
<a
href="./setstatus.php?status=yes&email='.$_REQUEST["emailAddress"].'">I
Accept</a> - <a
href="./setstatus.php?status=no&email='.$_REQUEST["emailAddress"].'">I
Decline</a>';
}

} else {
echo 'Sorry your email address was not found on our database.';
}

?>

<!-- setstatus.php -->
<?php
/* if both variables are set then change database accordingly */
if (isset($_REQUEST["email"]) && isset($_REQUEST["status"])) {

/* Mysql database connection script here */
$connect = mysql_connect('SERVER','USER','PASSWORD');
$db = mysql_select_db('DB');

/* change their database status */
$update = mysql_query("update TABLE set status_field =
'$_REQUEST[status]' where email_field = '$_REQUEST[email]' ");

if ($_REQUEST["status"] == 'yes') {
echo 'Thank you for accepting our invitation.';
} else {
echo 'Thank you for updating your invitation status.';
}
}
?>

Have tested on a local server and should all work fine ;)
Have fun ;)
D.Rogers

Here is the error I got when trying to get this script going:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in
/hsphere/local/home/dreaming/dreaminginto.com/events/beta/validate.php on
line 24

I checked php.net to see if this the right syntax, and it looks ok to me....
Here is the code around line 24:

line 21: /* checking for record count with that email in that has no status
*/
line 22: $check = mysql_query("select email from event1list where email =
line 23: '$_REQUEST[emailAddress]' where option = ''");
line 24: $num_rows = mysql_num_rows($check);
line 25: if ($num >= 1) {
line 26: echo '

Any ideas? It's choking on that $num_rows line, and possibly on line 22, but
I could be wrong. Hey, I'm just a novice at PHP!!!

Justin Kozuch
"Dominic Rogers" <do*@dodgydom.com> wrote in message
news:4v******************@news-reader.eresmas.com...

Well if i was trying to do this i would use the following code. (should
also be valid XHTML)
<!-- validate.php -->
<?php

/* if email address isnt set it will ask for it */
if (!isset($_REQUEST["emailAddress"])) {
echo '
<form method="post" action="./validate.php" />
Email Address :<br /><input type="text" name="emailAddress" /><br />
<input type="submit" value="Validate me" />
</form>
';
exit;
}

/* if email address is set and not empty then it checks the DB */
if (isset($_REQUEST["emailAddress"]) && !empty($_REQUEST["emailAddress"])) {
/* Mysql database connection script here */
$connect = mysql_connect('SERVER','USER','PASSWORD');
$db = mysql_select_db('DB');

/* checking for record count with that email in that has no status */
$check = mysql_query("select email_field from emails where email_field =
'$_REQUEST[emailAddress]' where status_field = ''");
$num = mysql_num_rows($check);
if ($num >= 1) {
echo '
If you wish to accept the invitation click <b>"i accept"</b> if not
click <b>"i decline"</b> and your address will be removed from our
database.<br /><br />
<a
href="./setstatus.php?status=yes&email='.$_REQUEST["emailAddress"].'">I
Accept</a> - <a
href="./setstatus.php?status=no&email='.$_REQUEST["emailAddress"].'">I
Decline</a>';
}

} else {
echo 'Sorry your email address was not found on our database.';
}

?>

<!-- setstatus.php -->
<?php
/* if both variables are set then change database accordingly */
if (isset($_REQUEST["email"]) && isset($_REQUEST["status"])) {

/* Mysql database connection script here */
$connect = mysql_connect('SERVER','USER','PASSWORD');
$db = mysql_select_db('DB');

/* change their database status */
$update = mysql_query("update TABLE set status_field =
'$_REQUEST[status]' where email_field = '$_REQUEST[email]' ");

if ($_REQUEST["status"] == 'yes') {
echo 'Thank you for accepting our invitation.';
} else {
echo 'Thank you for updating your invitation status.';
}
}
?>

Have tested on a local server and should all work fine ;)
Have fun ;)
D.Rogers

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

Here is the error I got when trying to get this script going:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in
/hsphere/local/home/dreaming/dreaminginto.com/events/beta/validate.php on
line 24

I checked php.net to see if this the right syntax, and it looks ok to
me....
Here is the code around line 24:

line 21: /* checking for record count with that email in that has no
status
*/
line 22: $check = mysql_query("select email from event1list where email =
line 23: '$_REQUEST[emailAddress]' where option = ''");
line 24: $num_rows = mysql_num_rows($check);
line 25: if ($num >= 1) {
line 26: echo '

Any ideas? It's choking on that $num_rows line, and possibly on line 22,
but
I could be wrong. Hey, I'm just a novice at PHP!!!

The error you are getting indicates that the MySQL query failed probably
because of a syntax error in your SQL. In this case you have two 'where'
clauses. Replace the "where option=" with "and option=".

A few notes:
1) You should never put a $_REQUEST (or $_GET or $_POST) variable directly
into an SQL statement. It's a huge security risk. You should at least use
addslashes().
2) You set $num_rows to the number of rows, then you test $num... probably
not what you want.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

I made the change regarding "and option=" and it's still doing the same
thing...

Justin

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:iB*******************@newssvr21.news.prodigy. com...

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

Here is the error I got when trying to get this script going:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in
/hsphere/local/home/dreaming/dreaminginto.com/events/beta/validate.php on line 24

I checked php.net to see if this the right syntax, and it looks ok to
me....
Here is the code around line 24:

line 21: /* checking for record count with that email in that has no
status
*/
line 22: $check = mysql_query("select email from event1list where email = line 23: '$_REQUEST[emailAddress]' where option = ''");
line 24: $num_rows = mysql_num_rows($check);
line 25: if ($num >= 1) {
line 26: echo '

Any ideas? It's choking on that $num_rows line, and possibly on line 22,
but
I could be wrong. Hey, I'm just a novice at PHP!!!

The error you are getting indicates that the MySQL query failed probably
because of a syntax error in your SQL. In this case you have two 'where'
clauses. Replace the "where option=" with "and option=".

A few notes:
1) You should never put a $_REQUEST (or $_GET or $_POST) variable directly
into an SQL statement. It's a huge security risk. You should at least use
addslashes().
2) You set $num_rows to the number of rows, then you test $num... probably
not what you want.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:iB*******************@newssvr21.news.prodigy. com...

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

Here is the error I got when trying to get this script going:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result
resource in
/hsphere/local/home/dreaming/dreaminginto.com/events/beta/validate.php on line 24

I checked php.net to see if this the right syntax, and it looks ok to
me....
Here is the code around line 24:

line 21: /* checking for record count with that email in that has no
status
*/
line 22: $check = mysql_query("select email from event1list where
email = line 23: '$_REQUEST[emailAddress]' where option = ''");
line 24: $num_rows = mysql_num_rows($check);
line 25: if ($num >= 1) {
line 26: echo '

Any ideas? It's choking on that $num_rows line, and possibly on line
22,
but
I could be wrong. Hey, I'm just a novice at PHP!!!

The error you are getting indicates that the MySQL query failed probably
because of a syntax error in your SQL. In this case you have two 'where'
clauses. Replace the "where option=" with "and option=".

A few notes:
1) You should never put a $_REQUEST (or $_GET or $_POST) variable
directly
into an SQL statement. It's a huge security risk. You should at least
use
addslashes().
2) You set $num_rows to the number of rows, then you test $num...
probably
not what you want.

I made the change regarding "and option=" and it's still doing the same
thing...

I didn't notice it before but you're also missing an = in "where
email='$_REQUEST"

I suggest the following:

$emailaddr = addslashes($_REQUEST['emailAddress']);
$sqlstr = "select email from event1list where email='$emailaddr' and
option=''";
$check = mysql_query($sqlstr) or die("$sqlstr failed because
".mysql_error());
$num_rows = ....

This code will display a message telling you why the query failed and show
you the expanded query.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

Ok we are getting there... It's printing the error on the screen:

Select email from event1list where email='' and option=' ' failed because
You have an error in your SQL syntax near 'option=' '' at line 1

Code:

/* checking for record count with that email in that has no status */
$emailaddr = addslashes($_REQUEST['emailAddress']);
$sqlstr = "Select email from event1list where email='$emailAdress' and
option=''";
$check = mysql_query($sqlstr) or die("$sqlstr failed because
".mysql_error());
$num_rows = mysql_num_rows($sqlstr);
echo '

Justin

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:Xl**************@newssvr25.news.prodigy.com.. .

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:iB*******************@newssvr21.news.prodigy. com...

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:
> Here is the error I got when trying to get this script going:
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL
> result
> resource in
> /hsphere/local/home/dreaming/dreaminginto.com/events/beta/validate.php

on

> line 24
>
> I checked php.net to see if this the right syntax, and it looks ok

to > me....
> Here is the code around line 24:
>
> line 21: /* checking for record count with that email in that has no
> status
> */
> line 22: $check = mysql_query("select email from event1list where
> email

=

> line 23: '$_REQUEST[emailAddress]' where option = ''");
> line 24: $num_rows = mysql_num_rows($check);
> line 25: if ($num >= 1) {
> line 26: echo '
>
> Any ideas? It's choking on that $num_rows line, and possibly on line
> 22,
> but
> I could be wrong. Hey, I'm just a novice at PHP!!!

The error you are getting indicates that the MySQL query failed probably because of a syntax error in your SQL. In this case you have two 'where' clauses. Replace the "where option=" with "and option=".

A few notes:
1) You should never put a $_REQUEST (or $_GET or $_POST) variable
directly
into an SQL statement. It's a huge security risk. You should at least
use
addslashes().
2) You set $num_rows to the number of rows, then you test $num...
probably
not what you want.

I made the change regarding "and option=" and it's still doing the same
thing...

I didn't notice it before but you're also missing an = in "where
email='$_REQUEST"

I suggest the following:

$emailaddr = addslashes($_REQUEST['emailAddress']);
$sqlstr = "select email from event1list where email='$emailaddr' and
option=''";
$check = mysql_query($sqlstr) or die("$sqlstr failed because
".mysql_error());
$num_rows = ....

This code will display a message telling you why the query failed and show
you the expanded query.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

Ok we are getting there... It's printing the error on the screen:

Select email from event1list where email='' and option=' ' failed because
You have an error in your SQL syntax near 'option=' '' at line 1

Code:

/* checking for record count with that email in that has no status */
$emailaddr = addslashes($_REQUEST['emailAddress']);
$sqlstr = "Select email from event1list where email='$emailAdress' and
option=''";
$check = mysql_query($sqlstr) or die("$sqlstr failed because
".mysql_error());
$num_rows = mysql_num_rows($sqlstr);
echo '

Option turns out to be a MySQL reserved word (something else I didn't
notice). To use it in a select you must enclose it in back ticks (over next
to the 1 key) like `option`='' . Also you want to use the same variable name
for email address either $emailaddr or $emailAdress but not both, that's why
it's showing up as an empty string when your select is displayed.

It looks like option=' ' has a space in between the quotes, I don't see
where it's coming from.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

Bingo! Now I have to figure out why its not inserting anything in to the DB.

Justin

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:Qb*******************@newssvr21.news.prodigy. com...

On 14-Oct-2003, "Justin Kozuch" <ju************@SPAMsympatico.ca> wrote:

Ok we are getting there... It's printing the error on the screen:

Select email from event1list where email='' and option=' ' failed because You have an error in your SQL syntax near 'option=' '' at line 1

Code:

/* checking for record count with that email in that has no status */
$emailaddr = addslashes($_REQUEST['emailAddress']);
$sqlstr = "Select email from event1list where email='$emailAdress' and
option=''";
$check = mysql_query($sqlstr) or die("$sqlstr failed because
".mysql_error());
$num_rows = mysql_num_rows($sqlstr);
echo '
Option turns out to be a MySQL reserved word (something else I didn't
notice). To use it in a select you must enclose it in back ticks (over

next to the 1 key) like `option`='' . Also you want to use the same variable name for email address either $emailaddr or $emailAdress but not both, that's why it's showing up as an empty string when your select is displayed.

It looks like option=' ' has a space in between the quotes, I don't see
where it's coming from.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

i thought i sent you the working source code again with your alterations
in it ?

Ignore that post.... its working perfectly, I emailed you the updated code
with the working error correction snippet.

Justin

"Dominic Rogers" <do*@dodgydom.com> wrote in message
news:7r*******************@news-reader.eresmas.com...

i thought i sent you the working source code again with your alterations
in it ?