
Change data through email

7/14/2013 4:06:16 PM
PHPRunner General questions
Tayyab Ilyas author

Hi, I have a field (Yes/No) in customer.
I want to send a link to the customer saying that if they agree they should click the link below, and if they click the link I want to update the field to Yes.
This is something similar to a user confirmation email. How can I achieve this?
Thanks in advance for the support.

nohope4you 7/16/2013

I think you could set it up to have this in the before process area of say a view page:



global $conn;
// Runs when the emailed link passes an "update" parameter
if ($_REQUEST["update"])
{
    $str = "Update Table_1 SET Confirm='Yes' WHERE Name = '".$_REQUEST["update"]."'";
    db_exec($str,$conn);
    ?><script>
    window.location='Thankyoupage.php';
    </script><?php
}


and your hyperlink in your email would look like



http://test/view.php?editid1=[persons name]&update=[persons name]


I haven't tested this but I think this would work.




Sergey Kornilov admin 7/16/2013

In theory, the solution described by nohope4you will definitely work. In real life you have to deal with two issues:

  1. Protect yourself from SQL injection
  2. Protect the application from unauthorized updates. Since ID and Name are passed via the URL as plain text, malicious users will be able to confirm any random record this way. A more reliable approach is to use some sort of random string as a URL parameter. You will also need a new field in the database to store this random string. The random string needs to be generated and stored in the database when you send the email.
    Sample URL:

http://test/view.php?hash=kjhd7sklf03kjsjd3md


Sample code (BeforeProcess event)

if ($_REQUEST["hash"])
{
    // Confirm the record whose stored random string matches the link
    CustomQuery("Update Table_1 SET Confirm='Yes' WHERE hash = '".addslashes($_REQUEST["hash"])."'");
    header("Location: Thankyoupage.php");
    exit();
}
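
The random-string approach from the reply above, carried through from issuing the link to confirming it, as an added example that is not code from the thread's participants or from PHPRunner. It uses plain PDO with an in-memory SQLite database instead of PHPRunner's API; Table_1, Confirm and hash come from the thread, while the id column, the sample rows and the function names are assumptions.

```php
<?php
// Added example: plain PDO + in-memory SQLite, not PHPRunner's own API.
// Table_1, Confirm and hash come from the thread; the id column, the
// sample rows and the function names are assumptions for this sketch.

function issueToken(PDO $db, int $id): string
{
    // 32 bytes from the CSPRNG -> 64 hex characters, unguessable per record.
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare("UPDATE Table_1 SET hash = :h, Confirm = 'No' WHERE id = :id");
    $stmt->execute([':h' => $token, ':id' => $id]);
    return $token; // goes into the emailed link
}

function confirmByToken(PDO $db, $token): bool
{
    // Accept only the exact format that issueToken() produces.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    // Bound parameter: the request value never becomes part of the SQL text.
    // Setting hash to NULL makes the link single-use.
    $stmt = $db->prepare(
        "UPDATE Table_1 SET Confirm = 'Yes', hash = NULL WHERE hash = :h"
    );
    $stmt->execute([':h' => $token]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Table_1 (id INTEGER PRIMARY KEY, Name TEXT, Confirm TEXT, hash TEXT UNIQUE)");
$db->exec("INSERT INTO Table_1 (id, Name, Confirm) VALUES (1, 'Alice', 'No'), (2, 'Bob', 'No')");

$token = issueToken($db, 1);
echo "Link: http://test/view.php?hash=$token\n";

var_dump(confirmByToken($db, "not-a-token'"));      // malformed value with a quote
var_dump(confirmByToken($db, str_repeat('0', 64))); // well-formed but never issued
var_dump(confirmByToken($db, $token));              // the link that was emailed
var_dump(confirmByToken($db, $token));              // same link clicked again
```

In a BeforeProcess event, the value passed to confirmByToken() would be $_REQUEST["hash"], with the redirect to the thank-you page issued only when it returns true.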