Chapter 14: Mailing Lists 481 6. Click the link at the bottom of the page to send a message to your users. A new page appears where you can compose a new message and send it either to a single mailing list or to the users of all the mailing lists, as shown in Figure 14 - 2 . Since you just created these pages, you don ’ t have any users yet. You can compose a message, but it won ’ t go to anyone. You need to create the user pages, which you ’ ll do shortly. Figure 14-2 How It Works A common practice is to post a form back to itself, and you certainly could have done that here. In fact, you have done this in earlier projects in this book. When your page contains data that needs to be inserted into a database, however, you need to think twice about a self - posting form. If the user were to refresh or reload the page, all of your database functions would run again, and that could be disastrous. You could end up with duplicate data or delete records you didn ’ t mean to delete. To minimize that probability, you post to a separate script called ml_admin_transact.php . This page handles all of the necessary database transactions, and then directs you back to the page from which you came. No harm will come to your database if the user reloads the page at that point. To accommodate having several forms post their information to a central transaction script, all of your submit buttons have the same name, “ action, ” but each has a different value. The transaction script can check the value of the $_POST[ ‘ action ’ ] variable to see which button was pressed and perform the appropriate actions. c14.indd 481c14.indd 481 12/10/08 6:02:31 PM12/10/08 6:02:31 PM 482 Part II: Comic Book Fan Site In ml_admin.php , you present a form that collects information to be sent to ml_admin_transact .php . The first portion of the form is used to create new mailing lists, and is basic HTML because it is always visible. < form method=”post” action=”ml_admin_transact.php” > < p > < label for=”listname” > Add Mailing List: < /label > < br / > < input type=”text” id=”listname” name=”listname” maxlength=”100” / > < input type=”submit” name=”action” value=”Add New Mailing List” / > < /p > The second portion of the form allows you to delete a mailing list, and should only be shown if there are mailing lists available to delete. You first query the database for a list of mailing lists, and if mysql_num_rows() returns a value larger than 0, you display a select element populated with the lists. Each option displays the list ’ s name and uses the list ’ s ID as its value. < ?php $query = ‘SELECT ml_id, listname FROM ml_lists ORDER BY listname ASC’; $result = mysql_query($query, $db) or die(mysql_error($db)); if (mysql_num_rows($result) > 0) { echo ‘ < p > < label for=”ml_id” > Delete Mailing List: < /label > < br / > ’; echo ‘ < select name=”ml_id” id=”ml_id” > ’; while ($row = mysql_fetch_array($result)) { echo ‘ < option value=”’ . $row[‘ml_id’] . ‘” > ’ . $row[‘listname’] . ‘ < /option > ’; } echo ‘ < /select > ’; echo ‘ < input type=”submit” name=”action” value=”Delete ‘ . ‘Mailing List” / > ’; echo ‘ < /p > ’; } mysql_free_result($result); ? > < /form > Most of ml_quick_msg.php is HTML, and the PHP code that is used is practically identical to the code used to build the select in ml_admin.php . < form method=”post” action=”ml_admin_transact.php” > < table > < tr > < td > < label for=”ml_id” > Mailing List: < /label > < /td > < td > < select name=”ml_id” id=”ml_id” > < option value=”all” > All < /option > < ?php $query = ‘SELECT ml_id, listname FROM ml_lists ORDER BY listname’; c14.indd 482c14.indd 482 12/10/08 6:02:32 PM12/10/08 6:02:32 PM Chapter 14: Mailing Lists 483 $result = mysql_query($query, $db) or die(mysql_error($db)); while ($row = mysql_fetch_array($result)) { echo ‘ < option value=”’ . $row[‘ml_id’] . ‘” > ’ . $row[‘listname’] . ‘ < /option > ’; } mysql_free_result($result); ? > < /select > < /td > < /tr > < tr > < td > < label for=”subject” > Subject: < /label > < /td > < td > < input type=”text” name=”subject” id=”subject”/ > < /td > < /tr > < tr > < td > < label for=”message” > Message: < /label > < /td > < td > < textarea name=”message” id=”message” rows=”10” cols=”60” > < /textarea > < /td > < /tr > < tr > < td > < /td > < td > < input type=”submit” name=”action” value=”Send Message”/ > < /td > < /tr > < tr > < /table > < /form > Finally, you come to the real workhorse of the mailing list administrator application, admin_ transact.php . This page is the one to which you post your forms; it will process the information, update the database tables, and send out e - mails as required. It uses the SimpleMail class from Chapter 11 to send e - mail. If you are scratching your head and trying to remember exactly how the class works, then now would be a good time to take a break and review class.SimpleMail.php . require ‘class.SimpleMail.php’; Did the user click an “ action ” button? You filter the incoming value of $_POST[ ‘ action ’ ] and then act on the value accordingly, using a switch statement. Depending on which button was clicked, you ’ re going to perform one of three actions: create a new mailing list, delete an old mailing list, or send a message to the users subscribed to a list. $action = (isset($_POST[‘action’])) ? $_POST[‘action’] : ‘’; switch ($action) { case ‘Add New Mailing List’: break; case ‘Delete Mailing List’: break; case ‘Send Message’: break; } c14.indd 483c14.indd 483 12/10/08 6:02:33 PM12/10/08 6:02:33 PM 484 Part II: Comic Book Fan Site To add a new mailing list, you filter the incoming list name and insert a new record into the ml_lists table. case ‘Add New Mailing List’: $listname = isset($_POST[‘listname’]) ? $_POST[‘listname’] : ‘’; if (!empty($listname)) { $query = ‘INSERT INTO ml_lists (listname) VALUES (“’ . mysql_real_escape_string($listname, $db) . ‘”)’; mysql_query($query, $db) or die(mysql_error($db)); } break; Deleting a mailing list is only slightly more complex. Not only must you delete the mailing list itself, but you must also delete any subscriptions to the list. case ‘Delete Mailing List’: $ml_id = isset($_POST[‘ml_id’]) ? $_POST[‘ml_id’] : ‘’; if (ctype_digit($ml_id)) { $query = ‘DELETE FROM ml_lists WHERE ml_id=’ . $ml_id; mysql_query($query, $db) or die(mysql_error($db)); $query = ‘DELETE FROM ml_subscriptions WHERE ml_id=’ . $ml_id; mysql_query($query, $db) or die(mysql_error($db)); } break; The form in ml_quick_msg.php posts the mailing list as the mailing list ’ s ID, which — while great for ml_admin_transact.php — isn ’ t of much use to the subscriber. When you send a message, you want to let the user know which mailing list you are referring to. If the mailing list ID is ‘ all ’ instead of a number, you want to reflect that as well: case ‘Send Message’: $ml_id = isset($_POST[‘ml_id’]) ? $_POST[‘ml_id’] : ‘’; $subject = isset($_POST[‘subject’]) ? $_POST[‘subject’] : ‘’; $message = isset($_POST[‘message’]) ? $_POST[‘message’] : ‘’; if ($ml_id == ‘all’) { $listname = ‘Master’; } else if (ctype_digit($ml_id)) { $query = ‘SELECT listname FROM ml_lists WHERE ml_id=’ . $ml_id; $result = mysql_query($query, $db) or die(mysql_error($db)); $row = mysql_fetch_assoc($result); $listname = $row[‘listname’]; mysql_free_result($result); } else { break; } c14.indd 484c14.indd 484 12/10/08 6:02:33 PM12/10/08 6:02:33 PM Chapter 14: Mailing Lists 485 What follows is a more complicated SQL statement than you ’ ve written thus far, but not too difficult. What ’ s happening here is that you are grabbing the e - mails, first names, and user IDs from the ml_users table where the mailing list ID ( ml_id ) matches their user ID in the ml_subscriptions table. You do this by using the INNER JOIN command in SQL. You also don ’ t want to send any e - mails to those that are awaiting subscription confirmation, so select only those where pending = FALSE . If the administrator did not choose ‘ all ’ in the select list, you must limit your selection to the specific users that are subscribed to the mailing list the administrator selected. You do this by adding on the AND condition. $query = ‘SELECT DISTINCT u.user_id, u.first_name, u.email FROM ml_users u INNER JOIN ml_subscriptions s ON u.user_id = s.user_id WHERE s.pending = FALSE’; if ($ml_id != ‘all’) { $query .= ‘ AND s.ml_id = ‘ . $ml_id; } $result = mysql_query($query, $db) or die(mysql_error($db)); Finally, you iterate through the returned records with a while loop. Within the loop, you append a footer to the message that will be sent out, explaining how the user can unsubscribe from the mailing list, if he or she wants to. Then you create a new instance of the SimpleMail class and set the relevant options, and then the message can be sent on its way. Notice that you are looping through each e - mail address you have and sending an e - mail to each one, using the send() method. It is important to note that the page will not finish loading until it has sent every e - mail. This works fine if you have a few e - mail addresses (a few hundred or less). It has the added benefit of allowing you to personalize each e - mail. If you need to send to more people and don ’ t want to deal with the long wait time, we recommend putting all of your e - mail addresses in the BCC: field of the mail. You can ’ t personalize the e - mail, but the page will load much faster. while ($row = mysql_fetch_assoc($result)) { $footer = “\n\n” . ‘ ’ . “\n”; if (ctype_digit($ml_id)) { $footer .= ‘You are receiving this message as a member ‘ . ‘of the ‘ . $listname . “\n”; $footer .= ‘mailing list. If you have received this ‘ . ‘email in error or would like to’ . “\n”; $footer .= ‘remove your name from this mailing list, ‘ . ‘please visit the following URL:’ . “\n”; $footer .= ‘http://www.example.com/ml_remove.php?user_id=’ . $row[‘user_id’] . “ & ml=” . $ml_id; } else { $footer .= ‘You are receiving this email because you ‘ . ‘subscribed to one or more’ . “\n”; $footer .= ‘mailing lists. Visit the following URL to ‘ . ‘change your subscriptions:’ . “\n”; c14.indd 485c14.indd 485 12/10/08 6:02:33 PM12/10/08 6:02:33 PM 486 Part II: Comic Book Fan Site $footer .= ‘http://www.example.com/ml_user.php?user_id=’ . $row[‘user_id’]; } $mail = new SimpleMail(); $mail- > setToAddress($row[‘email’]); $mail- > setFromAddress(‘list@example.com’); $mail- > setSubject($subject); $mail- > setTextBody($message . $footer); $mail- > send(); } mysql_free_result($result); break; After the page is done with its transactions, it redirects the user to the ml_admin.php page. header(‘Location: ml_admin.php’); Sign Me Up! Now it ’ s time to look at the other half of the application, the Mailing List sign - up form. This is the page your users will use to sign up for any of the mailing lists that you have created. This portion of the application consists of ml_user.php , ml_user_transact.php , ml_thanks.php , and ml_remove.php . Try It Out Mailing List Signup The first task in coding this portion of the application is to create the scripts necessary to sign up subscribers. You will be coding ml_user.php , ml_user_transact.php , and ml_transact.php . You will code ml_remove.php later. 1. Enter the following code in your editor, and save it as ml_user.php : < ?php require ‘db.inc.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $user_id = (isset($_GET[‘user_id’]) & & ctype_digit($_GET[‘user_id’])) ? $_GET[‘user_id’] : ‘’; $first_name = ‘’; c14.indd 486c14.indd 486 12/10/08 6:02:33 PM12/10/08 6:02:33 PM Chapter 14: Mailing Lists 487 $last_name = ‘’; $email = ‘’; $ml_ids = array(); if (!empty($user_id)) { $query = ‘SELECT first_name, last_name, email FROM ml_users WHERE user_id = ‘ . $user_id; $result = mysql_query($query, $db) or die(mysql_error($db)); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); extract($row); } mysql_free_result($result); $query = ‘SELECT ml_id FROM ml_subscriptions WHERE user_id = ‘ . $user_id; $result = mysql_query($query, $db) or die(mysql_error($db)); while ($row = mysql_fetch_assoc($result)) { $ml_ids[] = $row[‘ml_id’]; } mysql_free_result($result); } ? > < html > < head > < title > Mailing List Signup < /title > < /head > < body > < h1 > Sign up for Mailing List: < /h1 > < form method=”post” action=”ml_user_transact.php” > < table > < tr > < td > < label for=”email” > Email Address: < /label > < /td > < td > < input type=”text” name=”email” id=”email” value=” < ?php echo $email; ? > ”/ > < /td > < /tr > < /table > < p > If you aren’t currently a member, please provide your name: < /p > < table > < tr > < td > < label for=”first_name” > First Name: < /label > < /td > < td > < input type=”text” name=”first_name” id=”first_name” value=” < ?php echo $first_name; ? > ”/ > < /td > < /tr > < tr > < td > < label for=”last_name” > Last Name: < /label > < /td > < td > < input type=”text” name=”last_name” id=”last_name” value=” < ?php echo $last_name; ? > ”/ > < /td > < /tr > < /table > c14.indd 487c14.indd 487 12/10/08 6:02:34 PM12/10/08 6:02:34 PM 488 Part II: Comic Book Fan Site < p > Select the mailing lists you want to receive: < /p > < p > < select name=”ml_id[]” multiple=”multiple” > < ?php $query = ‘SELECT ml_id, listname FROM ml_lists ORDER BY listname ASC’; $result = mysql_query($query, $db) or die(mysql_error($db)); print_r($ml_ids); while ($row = mysql_fetch_array($result)) { if (in_array($row[‘ml_id’], $ml_ids)) { echo ‘ < option value=”’ . $row[‘ml_id’] . ‘” selected=”selected” > ’; } else { echo ‘ < option value=”’ . $row[‘ml_id’] . ‘” > ’; } echo $row[‘listname’] . ‘ < /option > ’; } mysql_free_result($result); ? > < /select > < /p > < p > < input type=”submit” name=”action” value=”Subscribe” / > < /p > < /form > < /body > < /html > 2. Enter the transaction page by entering the following and saving it as ml_user_transact .php : < ?php require ‘db.inc.php’; require ‘class.SimpleMail.php’; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $action = (isset($_REQUEST[‘action’])) ? $_REQUEST[‘action’] : ‘’; switch ($action) { case ‘Subscribe’: $email = (isset($_POST[‘email’])) ? $_POST[‘email’] : ‘’; $query = ‘SELECT user_id FROM ml_users c14.indd 488c14.indd 488 12/10/08 6:02:34 PM12/10/08 6:02:34 PM Chapter 14: Mailing Lists 489 WHERE email=”’ . mysql_real_escape_string($email, $db) . ‘”’; $result = mysql_query($query, $db) or die(mysql_error($db)); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); $user_id = $row[‘user_id’]; } else { $first_name = (isset($_POST[‘first_name’])) ? $_POST[‘first_name’] : ‘’; $last_name = (isset($_POST[‘last_name’])) ? $_POST[‘last_name’] : ‘’; $query = ‘INSERT INTO ml_users (first_name, last_name, email) VALUES (“’ . mysql_real_escape_string($first_name, $db) . ‘”, ‘ . ‘”’ . mysql_real_escape_string($last_name, $db) . ‘”, ‘ . ‘”’ . mysql_real_escape_string($email, $db) . ‘”)’; mysql_query($query, $db); $user_id = mysql_insert_id($db); } mysql_free_result($result); foreach ($_POST[‘ml_id’] as $ml_id) { if (ctype_digit($ml_id)) { $query = ‘INSERT INTO ml_subscriptions (user_id, ml_id, pending) VALUES (‘ . $user_id . ‘, ‘ . $ml_id . ‘, TRUE)’; mysql_query($query, $db); $query = ‘SELECT listname FROM ml_lists WHERE ml_id = ‘ . $ml_id; $result = mysql_query($query, $db); $row = mysql_fetch_assoc($result); $listname = $row[‘listname’]; $message = ‘Hello ‘ . $first_name . “\n” . $message .= ‘Our records indicate that you have subscribed ‘ . ‘to the ‘ . $listname . ‘ mailing list.’ . “\n\n”; $message .= ‘If you did not subscribe, please accept our ‘ . ‘apologies. You will not be subscribed if you do ‘ . ‘not visit the confirmation URL.’ . “\n\n”; $message .= ‘If you subscribed, please confirm this by ‘ . ‘visiting the following URL: ‘ . ‘http://example.com/ml_user_transact.php?user_id=’ . $user_id . ‘ & ml_id=’ . $ml_id . ‘ & action=confirm’; $mail = new SimpleMail(); c14.indd 489c14.indd 489 12/10/08 6:02:34 PM12/10/08 6:02:34 PM 490 Part II: Comic Book Fan Site $mail- > setToAddress($email); $mail- > setFromAddress(‘list@example.com’); $mail- > setSubject(‘Mailing list confirmation’); $mail- > setTextBody($message); $mail- > send(); unset($mail); } } header(‘Location: ml_thanks.php?user_id=’ . $user_id . ‘ & ml_id=’ . $ml_id . ‘ & type=c’); break; case ‘confirm’: $user_id = (isset($_GET[‘user_id’])) ? $_GET[‘user_id’] : ‘’; $ml_id = (isset($_GET[‘ml_id’])) ? $_GET[‘ml_id’] : ‘’; if (!empty($user_id) & & !empty($ml_id)) { $query = ‘UPDATE ml_subscriptions SET pending = FALSE WHERE user_id = ‘ . $user_id . ‘ AND ml_id = ‘ . $ml_list; mysql_query($query, $db); $query = ‘SELECT listname FROM ml_lists WHERE ml_id = ‘ . $ml_id; $result = mysql_query($query, $db); $row = mysql_fetch_assoc($result); $listname = $row[‘listname’]; mysql_free_result($result); $query = ‘SELECT first_name, email FROM ml_users WHERE user_id = ‘ . $user_id; $result = mysql_query($query, $db); $row = mysql_fetch_assoc($result); $first_name = $row[‘first_name’]; $email = $row[‘email’]; mysql_free_result($result); $message = ‘Hello ‘ . $first_name . ‘,’ . “\n”; c14.indd 490c14.indd 490 12/10/08 6:02:35 PM12/10/08 6:02:35 PM [...]... $user_id; $result = mysql_ query($query, $db) or die (mysql_ error($db)); if (mysql_ num_rows($result) > 0) { $row = mysql_ fetch_assoc($result); extract($row); } mysql_ free_result($result); $query = ‘SELECT ml_id FROM ml_subscriptions WHERE user_id = ‘ $user_id; $result = mysql_ query($query, $db) or die (mysql_ error($db)); while ($row = mysql_ fetch_assoc($result)) { $ml_ids[] = $row[‘ml_id’]; } mysql_ free_result($result);... code and saving it as ml_thanks.php: Thank You . ‘db.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); . ‘class.SimpleMail.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db)); . ‘db.inc.php’; $db = mysql_ connect (MYSQL_ HOST, MYSQL_ USER, MYSQL_ PASSWORD) or die (‘Unable to connect. Check your connection parameters.’); mysql_ select_db (MYSQL_ DB, $db) or die (mysql_ error($db));