PHP unsubscribe help

PHP
1

here is code:

<html>

<p>Please enter the email for which you want to unsubscribe:</p>

<form action="unsub.php" method="POST">

<label>Enter Your Email:</label><input type="text" name="unsub_mail" value=""/>
<br>
<input type="submit" name="Submit" value="Submit"/>
</form>
<a href="mail.php">Re-subscribe</a>
</html>




<?php

$user = ""; 
$password = ""; 
$host = ""; 




$unsub_mail= $_POST['unsub_mail'];


// Connection to DBase 
mysql_connect($host,$user,$password) 
or die("Unable to select database");
$db = mysql_select_db('tjaabba_com');

$query="DELETE FROM Mail WHERE email='$unsub_mail'";
$que = mysql_query ($query) 
or die ('Error querying database.');

//This also work but the current code is better
/*
if(isset($_POST['unsub_mail'])){
echo 'You have been removed from the newsletter';
}
*/
function check($unsub_mail){
$user = "********"; 
$password = "*******"; 
$host = "********"; 
mysql_connect($host,$user,$password) 
or die("Unable to select database");
global $db;
$in_db = mysql_query("SELECT * FROM Mail WHERE email='$unsub_mail'");
if( mysql_num_rows($in_db) > 0 ){
return true;
}else{
return false;
}
}
if(isset($_POST['Submit'])){
if(check($unsub_mail) == false){
echo 'You are not in our newsletter database. Subscribe first';
}else

if(isset($_POST['Submit'])){
if($_POST['unsub_mail'] == NULL){
echo 'Oops you forgot email adress';
}else{
echo 'You have been removed from the newsletter';
}
}
}

?>

Now it always stands “You are not in our newsletter database. Subscribe first” even if email exist in db… I want to make that if it not match something in db it stands “You are not in our newsletter database. Subscribe first” but if it does it should echo out “You have been removed from the newsletter”

Thanks for help!

2

You’ve got the check function calling itself, try removing that call to check in the if-else block where you’re currently calling it. What’s of more concern however is that code as it stands is wide open to attack from a SQL Injection attack.

Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.

Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.

3

@SpacePhoenix
i dont really understand what u mean. could u send how code should be?

4

here is code:
HTML Code:

<html>

<p>Please enter the email for which you want to unsubscribe:</p>

<form action="unsub.php" method="POST">

<label>Enter Your Email:</label><input type="text" name="unsub_mail" value=""/>
<br>
<input type="submit" name="Submit" value="Submit"/>
</form>
<a href="mail.php">Re-subscribe</a>
</html>

PHP Code:

<?php

$user = "";
$password = "";
$host = "";




$unsub_mail= $_POST['unsub_mail'];


// Connection to DBase
mysql_connect($host,$user,$password)
or die("Unable to select database");
$db = mysql_select_db('tjaabba_com');

$query="DELETE FROM Mail WHERE email='$unsub_mail'";
$que = mysql_query ($query)
or die ('Error querying database.');

//This also work but the current code is better
/*
if(isset($_POST['unsub_mail'])){
echo 'You have been removed from the newsletter';
}
*/
function check($unsub_mail){
$user = "********";
$password = "*******";
$host = "********";
mysql_connect($host,$user,$password)
or die("Unable to select database");
global $db;
$in_db = mysql_query("SELECT * FROM Mail WHERE email='$unsub_mail'");
if( mysql_num_rows($in_db) > 0 ){
return true;
}else{
return false;
}
}
if(isset($_POST['Submit'])){
if(check($unsub_mail) == false){
echo 'You are not in our newsletter database. Subscribe first';
}else

if(isset($_POST['Submit'])){
if($_POST['unsub_mail'] == NULL){
echo 'Oops you forgot email adress';
}else{
echo 'You have been removed from the newsletter';
}
}
}

?>

Now it always stands “You are not in our newsletter database. Subscribe first” even if email exist in db… I want to make that if it not match something in db it stands “You are not in our newsletter database. Subscribe first” but if it does it should echo out “You have been removed from the newsletter”

Thanks for help!

ps: please post new code that works if u can :slight_smile:

5

Here is a PDO version. Please learn and use PDO for all database queries.

<?php
$user = "";
$password = "";
$host = "localhost";
$dbname = "tjaabba_com";

try{
	$db = new PDO("mysql:host=$host;dbname=$dbname", "$user", "$password");
}catch (PDOException $e){
	//Use only for debugging
	//echo "Database error: ".$e->getMessage();
	echo "Database connection error";
}

function check($db,$unsub_mail){
	$query = $db->prepare("SELECT COUNT(*) FROM Mail WHERE email = :email");
	$query->bindParam(":email", $unsub_mail);
	$query->execute();
	$rowcnt = $query->fetchColumn(); 					
	
	if($rowcnt > 0 ){
		return true;
	}else{
		return false;
	}
}

if(isset($_POST['Submit'])){
	if(empty($_POST['unsub_mail'])){
		$message = "Oops you forgot email address";
	}else{
		$unsub_mail = trim($_POST['unsub_mail']);
		if(check($db,$unsub_mail) == false){
			$message = "You are not in our newsletter database. Subscribe first";
		}else{
			$query = $db->prepare("DELETE FROM Mail WHERE email = :email");
			$query->bindParam(":email", $unsub_mail);
			$query->execute();
			$message = "You have been removed from the newsletter";
		}
	}
}else{
	$message = "Please enter the email for which you want to unsubscribe:";
}

?>
<html>
	<body>
		<p><?php echo $message;?></p>		
		<form action="unsub.php" method="post">			
			<label>Enter Your Email:</label><input type="text" name="unsub_mail" value="" />
			<br />
			<input type="submit" name="Submit" value="Submit" />
		</form>
		<a href="mail.php">Re-subscribe</a>
	</body>
</html>
6