I am learning PHP and it is going pretty well so far, but I’m stuck with this problem. I’ve made an application where user submits the form, it gets converted to PDF and user receives it on the email. Everything works just fine, except that, when there are more then one users submitting the form, who first submits it gets to PDFs. I am using tFPDF and PHPMailer. I believe that I should be using sessions or cookies to get email to designated user, but really don’t know how. Any help is more then welcome.
This doesnt make sense? (to me at least)
A form can be used/submitted by multiple users…
Once the form is submitted, it does its routine/process… and emails whatever you want out. As soon as the next user submits… the same process happens.
I think you need to explain a bit further.
I tried application on live server. What happens is when when I submit it on two devices, where it was submitted first, that mail is echoed on result page, regardless that two different mails were inputted. Further more, when user clicks to get report on email he/she gets two same reports reports with the same id. Could it be how I query it, “by report_id ASC LIMIT 1”? This is what bothers me, why is only the first email echoed? It looks like that the second one is being overwritten somehow.
You need to post your actual code to get specific help with what is wrong with it.
Programming is the act of taking a general-purpose computer and getting it to do what you want. There are multiple different ways of implementing any particular feature. A dozen different people could have written a form to email application and are getting the same symptom as you, but there could be a different cause in each of their programs.
I’ve solved this issue by using session
if(isset($_POST['email'])){
$emailAddress = $_POST['email'];
$_SESSION['emailaddress'] = $emailAddress;
}
Thank you everyone for your help.
Stop creating variables for nothing and NEVER EVER trust user supplied data. That little snippet is vulnerable to an XSS Attack.
Would you please explain not to create variables for nothing, I really don’t understand what do you mean by that? Can you provide an example how to do it the right way? Thanks.
$emailAddress is a “variable for nothing”. You already have $_POST[‘email’], just use it.
if(isset($_POST['email'])){
$_SESSION['emailaddress'] = $_POST['email'];
}
This still has the problem of directly using user supplied data though.
I’ve made variable $emailAddress to use it in PHPMailer. How am i going to pass email address to PHPMailer if not through variable? And thank you for your concern for XSS Attack. I am learning about htmlspecialchars() and regex, and I’ll try to implement it.
$_POST[‘email’] IS a variable.
Variables in PHP are represented by a dollar sign followed by the name of the variable.
https://www.php.net/manual/en/language.variables.basics.php
Nevertheless, it should not be used as direct output without being run through htmlspecialchars.
Is this enough for XSS protection, I’ve used an email as an example:
$email = htmlspecialchars($_POST['email']);
if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errEmail = 'Please enter a valid email';
}
And instead of using variable $emailAdrees I should be using $_POST[‘email’] for an output?
Thank you very much for your help.
htmlspecialchars is an output function in an HTML context.
In a properly coded form $_POST[‘email’] will always exist so your ! check will never run. You first need to trim the entire POST array and then check for empty. You would want a required validation check. If data exists in $_POST[‘email’] then you would use the FILTER. Errors should be put into an errors array and then checked whether there is anything in the array, looping over the errors if there are any. Do not create individual error variables.
You’ve helped me a lot. Thank you very much.