We have a site with a form that when submitted, does the following (via the code below);
Sends a test email to myself BEFORE INSERTING INTO MYSQL just so i know php mailer is working, which it always does in all my tests
Then inserts all the data from the form into MYSQL (This always works too)
Send another email via PHP Mailer with all the info they submitted. I want it in plain text (this works only about 80% of the time).
What's happening is, sometimes people submit and it does everything, but sometimes it only does steps 1 and 2. So sometimes, something seems to be breaking somewhere. I feel like it could be issues with certain punctuation, but not sure. Like in the $copy fields, people can enter whatever they want. Not sure if there are certain punctuations that could break the 2nd email process.
NOTE: Every time someone submits, it does take them to the request-success.php page. But it doesn't always send the email from Step 3.
If anyone sees areas of improvement, or things that are just wrong, please share. This is driving me insane.
<?php
session_start();
include_once("config.php");
include_once("includes/functions.php");
require 'phpmailer/PHPMailerAutoload.php';
//database configuration & connection (hiding for privacy purposes, but the database connections work fine so not relevant
if ($_POST['submit']) {
$type=$_POST['type'];
$category= substr($type, 0, strpos($type, ' -'));
$category= strtolower($category);
$category= ucfirst($category);
$need = substr($type, strpos($type, "-") + 1);
$subject="REQUEST for " . $type;
$fullname= $_SESSION['google_data']['name'];
$fromemail=$_SESSION['google_data']['email'];
$brands=$_POST['brand'];
$size=$_POST['size'];
if ($size == "") {
$size="n/a";
}
$bleed=$_POST['bleed'];
if ($bleed =="no") {
$bleedsize="n/a";
} else {
$bleedsize=$_POST['bleedsize'];
}
$filetype=$_POST['filetype'];
if ($filetype=="") {
$filetype="n/a";
}
$footerurl=$_POST['footer-url'];
if ($footerurl=="") {
$footerurl="n/a";
}
$footerphone=$_POST['footer-phone'];
if ($footerphone=="") {
$footerphone="n/a";
}
$copy=mysqli_real_escape_string($con,$_POST['copy']);
$copyforemail=$_POST['copy'];
$approved=$_POST['approved'];
$seo=$_POST['seo'];
$proofread=$_POST['proofread'];
$info=mysqli_real_escape_string($con,$_POST['info']);
$infoforemail=$_POST['info'];
$priority=$_POST['priority'];
$requestdate= date('Y-m-d');
$duedate = date('Y-m-d', strtotime(str_replace('-', '/', $_POST['duedate'])));
if ($duedate =="1969-12-31") {
$duedate="0000-00-00";
}
$timinginfo=mysqli_real_escape_string($con,$_POST['timinginfo']);
$timinginfoforemail=$_POST['timinginfo'];
$communication=mysqli_real_escape_string($con,$_POST['communication']);
$communicationforemail=$_POST['communication'];
//TEST EMAIL BEFORE INSERTING
$mail = new PHPMailer;
//$mail->SMTPDebug = 3; // Enable verbose debug output
/*
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'smtp.gmail.com'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = ''; // SMTP username
$mail->Password = ''; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
*/
$mail->setFrom($fromemail, $fullname);
$mail->addAddress('[email protected]', 'my name'); // Add recipients
$mail->addReplyTo('[email protected]', 'my name');
/*$mail->addCC('[email protected]');
$mail->addBCC('[email protected]');
$mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments
$mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name*/
$mail->isHTML(true); // Set email format to HTML
$mail->Subject = "Request coming for Creative Team";
$mail->Body = "Request coming";
$mail->AltBody = "Request coming";
if(!$mail->send()) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
} else {
//continue to insert
}
$sql = "INSERT INTO requests (firstname, lastname, email, picture, category, type, brand, size, bleed, bleedsize, filetype, footerurl, footerphone, copy, approved, proofread, seo, info, priority, requestdate, duedate, timinginfo, communication ) VALUES ('" . $_SESSION['google_data']['given_name'] . "', '" . $_SESSION['google_data']['family_name'] . "','" . $_SESSION['google_data']['email'] . "', '" . $_SESSION['google_data']['picture'] . "', '$category', '$need', '$brands', '$size', '$bleed', '$bleedsize', '$filetype', '$footerurl', '$footerphone', '$copy', '$approved', '$proofread', '$seo', '$info', '$priority', '$requestdate', '$duedate', '$timinginfo', '$communication')";
$insertinfo = mysqli_query($con, $sql);
if (!$insertinfo) {
die("Database query failed: " . mysqli_error($con));
} else {
//Success, continue to email...
}
$plaintextversion= "
$type
BRAND: $brands
SPECS
SIZE: $size
BLEED: $bleed
BLEED SIZE: $bleedsize
FILE TYPE: $filetype
FOOTER URL: $footerurl
FOOTER PHONE: $footerphone
COPY: $copyforemail
COPY APPROVED? $approved
PROOFREAD? $proofread
ADDITIONAL INFO: $infoforemail
TIMING
PRIORITY: $priority
REQUEST DATE: $requestdate
DESIRED DUE DATE: $duedate
TIMING INFO: $timinginfoforemail
COMMUNICATION
ADDITIONAL PEOPLE TO INCLUDE: $communicationforemail";
} else {
header("Location:index.php");
}
$mail = new PHPMailer;
//$mail->SMTPDebug = 3; // Enable verbose debug output
/*
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'smtp.gmail.com'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = ''; // SMTP username
$mail->Password = ''; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
*/
$mail->setFrom($fromemail, $fullname);
$mail->addAddress('[email protected]', 'someone'); // Add recipients
$mail->addReplyTo('[email protected]', 'my name');
/*$mail->addCC('[email protected]');
$mail->addBCC('[email protected]');
$mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments
$mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name*/
$mail->isHTML(false); // Set email format to plain text since that is what Salesforce needs
$mail->Subject = $subject;
$mail->Body = $plaintextversion;
$mail->AltBody = $plaintextversion;
if(!$mail->send()) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
} else {
header("Location:request-success.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
<meta charset="utf-8">
<meta name="robots" content="noindex, nofollow">
<title>Untitled Document</title>
</head>
<body>
</body>
</html>
If you want plain-text only, call isHTML(false) and set only Body - don't put anything in AltBody.
There's no need to start from scratch every time - you can re-use the same PHPMailer instance and just change properties before sending for the second time.
You're using the submitters address as the From address - that's forgery, and will result in bounces from SPF failures, so put your address in From and theirs in reply-to.
As Jon says, validate, sanitize and escape anything going into SQL - it's quite likely that your failures are from submissions that contain a ', which will break your SQL.