<?php
session_start();
include_once("../Connection/Connection.php");
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
if(isset($_POST['Approved'])){
$patient_id = $_POST['ID'];
$sql = "UPDATE tbl_patient SET request_status = 'Approved' WHERE patient_id = '$patient_id'";
$user = mysqli_query($con, $sql);
$sqluser = "SELECT `patient_id`,`patient_name`,`patient_email` FROM tbl_patient WHERE patient_id = '$patient_id'";
$userresult = mysqli_query($con, $sqluser);
while($row = mysqli_fetch_assoc($userresult)){
if(!empty($row['patient_email'])){
require '../PHPMailer-master/src/Exception.php';
require '../PHPMailer-master/src/PHPMailer.php';
require '../PHPMailer-master/src/SMTP.php';
require_once '../PHPMailer-master/src/PHPMailer.php';
require_once '../PHPMailer-master/src/SMTP.php';
date_default_timezone_set('Asia/Manila');
$d=strtotime('today');
$day=date('Y-m-d h:i:s');
$subj = 'Donation Approval '. date("m-d-Y h:i:s a");
$new_body = "TO: ".$row['patient_name']."\n";
$new_body .= "RE: ".$subj."\n\n";
$new_body .= "Dear ".$row['patient_name'].",\n\n";
$new_body .= "You're Request Form you sent has been Approved. Wait for donor to donate.\n\n";
$new_body .= "Contact us if you have any questions.\n";
$new_body .= "Municipality of Bacnotan\n";
$new_body .= "trialforsystem39@gmail.com\n";
//echo $new_body;
$mail = new PHPMailer(true);
try{
$mail->isSMTP();
$mail->SMTPDebug = 2;
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = 'trialforsystem39@gmail.com';
$mail->Password = '{REDACTED}';
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = 587;
$mail->SetFrom('trialforsystem39@gmail.com', "Online Blood Donation");
$mail->AddReplyTo('trialforsystem39@gmail.com', "Online Blood Donation");
$mail->Subject = $subj;
$mail->Body = $new_body;
$mail->addAddress($row['patient_email']);
if(!$mail->Send())
{
echo "Mailer Error: " . $mail->ErrorInfo;
}
else
{
}
}catch(Exception $e){
echo $e->getMessage();
}
}
}
}
if(isset($_POST['Declined'])){
$id = $_POST['ID'];
$d_id = $_POST['D_ID'];
$name = $_POST['NAME'];
$date = $_POST['SEND_DATE'];
// $approve = $_POST['approve'];
// $reject = $_POST['reject'];
$sql = "UPDATE tbl_patient SET request_status = 'Declined' WHERE patient_id = '$id'";
$user = $con->query($sql) or die ($con->error);
//header("Location: ../Admin_dashboard_requests.php?declined=success&D_ID=".$d_id."&name=".$name."&send_date=".$date);
//exit();
}
?>
Why do you have these? You’ve already require
d them once.
You might want to think about fixing the SQL Injection Vulnerabilities. NEVER EVER trust user supplied data and never use variables in a query. Use Prepared Statements. And stop creating variables for nothing.
1 Like
For reference, what that means is that instead of
$sql = "UPDATE tbl_patient SET request_status = 'Approved' WHERE patient_id = '$patient_id'";
$user = mysqli_query($con, $sql);
you should be using
$statement = mysqli_prepare($con, 'UPDATE tbl_patient SET request_status = "Approved" WHERE patient_id = ?');
mysqli_stmt_bind_param($statement, 's', $patient_id);
mysqli_stmt_execute($statement);
This is to prevent SQL Injection.
As for your question, I don’t know why it can’t connect. Everything seems to be configured correctly.
Is there any more information around the error that is shown?
1 Like
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.