
I am having an issue with the email portion of this code. When I submit the record it says inserted successfully, but for the email I get Notice: Array to string conversion and it does not want to send the email of the products ordered to the email entered. I cannot figure out what the issue is. I will keep trying different methods.

process_insert.php

 <html>
    <head>
    <title></title>
    </head>
    <body>
    <?php
        ini_set('display_errors', 1);
        error_reporting(~0);

        $serverName = "localhost";
        $userName = "root";
        $userPassword = "";
        $dbName = "blog_samples";

        $conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);

        $rows_count = count($_POST["name"]);

        for($i=0;$i<$rows_count;$i++){

            // PREVENTING SQL INJECTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

            $employee_name = mysqli_real_escape_string($conn,$_POST["employee_name"][$i]);
            $name = mysqli_real_escape_string($conn,$_POST["name"][$i]);
            $code = mysqli_real_escape_string($conn,$_POST["code"][$i]);
            $quantity = intval($_POST["quantity"][$i]);
            $price = mysqli_real_escape_string($conn,$_POST["price"][$i]);


            $sql = "INSERT INTO order_table ( employee_name, name, code, quantity, price) 
                VALUES ('$employee_name', '$name', '$code', '$quantity', '$price')";

            $query = mysqli_query($conn,$sql);
        }

        if(mysqli_affected_rows($conn)>0) {
            echo "Record add successfully";
        }



    $to = "test123@gmail.com";

    $subject = "Supplies";
    $headers = "From: user@gmail.com";  

    $message =

    "employee_name: " . $_POST['employee_name'] . " 

    " ."name: ".  $_POST['name'] ." 

    ". "code: " . $_POST['code'] . " 

    " ."quantity: ".  $_POST['quantity'] . " 

    ". "price: " . $_POST['price'] . "";


    mail($to,$subject,$message,$headers); 


    ?>
    </body>
    </html>
Donny
  • Please provide the complete and unedited error message – RiggsFolly Aug 30 '17 at 22:19
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Aug 30 '17 at 22:20
  • Since all POST data are arrays themselves, you have to put the mail code inside the for loop itself. – Serving Quarantine period Aug 30 '17 at 22:20
  • Email code needs to be in the loop because `$_POST` contains arrays – RiggsFolly Aug 30 '17 at 22:22

1 Answer

You have to put your email code inside the loop, like below:

 <html>
    <head>
    <title></title>
    </head>
    <body>
    <?php
        ini_set('display_errors', 1);
        error_reporting(~0);

        $serverName = "localhost";
        $userName = "root";
        $userPassword = "";
        $dbName = "blog_samples";

        $conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);

        $rows_count = count($_POST["name"]);

        for($i=0;$i<$rows_count;$i++){

            // PREVENTING SQL INJECTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

            $employee_name = mysqli_real_escape_string($conn,$_POST["employee_name"][$i]);
            $name = mysqli_real_escape_string($conn,$_POST["name"][$i]);
            $code = mysqli_real_escape_string($conn,$_POST["code"][$i]);
            $quantity = intval($_POST["quantity"][$i]);
            $price = mysqli_real_escape_string($conn,$_POST["price"][$i]);


            $sql = "INSERT INTO order_table ( employee_name, name, code, quantity, price) 
                VALUES ('$employee_name', '$name', '$code', '$quantity', '$price')";

            $query = mysqli_query($conn,$sql);
            if(mysqli_affected_rows($conn)>0) {
                echo "Record add successfully";
                $to = "test123@gmail.com";

                $subject = "Supplies";
                $headers = "From: user@gmail.com";  

                $message =

                "employee_name: " . $employee_name . " 

                " ."name: ".  $name ." 

                ". "code: " . $code . " 

                " ."quantity: ".  $quantity . " 

                ". "price: " . $price . "";


                mail($to,$subject,$message,$headers); 
            }

        }
    ?>
    </body>
    </html>

Note: Your code is vulnerable to SQL INJECTION. Use prepared statements, as @RiggsFolly suggested in the comments.

Serving Quarantine period
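The prepared-statement approach recommended in the comments and in the answer's note, as an added example that is not part of the original question or answer. It goes a little further than the thread by validating each row and sending one summary e-mail instead of one per row. The function names `collect_rows`, `insert_rows` and `build_message` are hypothetical, and it assumes PHP 7.4+, the `order_table` columns shown on the page, and a `price` column that accepts a decimal string.

```php
<?php
// Added example: the sample data below is constructed and stands in for $_POST.
function collect_rows(array $post): array {
    $rows = [];
    $names = is_array($post['name'] ?? null) ? $post['name'] : [];
    foreach (array_keys($names) as $i) {
        $row = [];
        foreach (['employee_name', 'name', 'code', 'quantity', 'price'] as $f) {
            $v = is_array($post[$f] ?? null) ? ($post[$f][$i] ?? '') : '';
            if (!is_string($v)) continue 2;   // nested array instead of a string: skip the row
            $row[$f] = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $v)); // drop control chars
        }
        $qty = filter_var($row['quantity'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($qty === false || !preg_match('/^\d+(\.\d{1,2})?$/', $row['price'])) continue;
        $row['quantity'] = $qty;              // keep the validated integer, same key order
        $rows[] = $row;
    }
    return $rows;
}

// Values travel as bound parameters, so quotes in the data never become part of the SQL text.
function insert_rows(mysqli $conn, array $rows): int {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
    $stmt = $conn->prepare('INSERT INTO order_table (employee_name, name, code, quantity, price) VALUES (?, ?, ?, ?, ?)');
    $stmt->bind_param('sssis', $employee, $name, $code, $qty, $price); // bound by reference
    $inserted = 0;
    foreach ($rows as $r) {
        [$employee, $name, $code, $qty, $price] = array_values($r);
        $stmt->execute();
        $inserted += $stmt->affected_rows;
    }
    return $inserted;
}

// One line per ordered item, built from the unescaped values (no stray backslashes).
function build_message(array $rows): string {
    return implode("\r\n", array_map(fn($r) => sprintf(
        'employee_name: %s, name: %s, code: %s, quantity: %d, price: %s', ...array_values($r)), $rows));
}

$sample = ['employee_name' => ["O'Brien", "O'Brien", 'x'], 'name' => ['Stapler', 'Pens', 'Bad'],
    'code' => ['ST-01', 'PN-07', 'B'], 'quantity' => ['2', '10', 'abc'], 'price' => ['12.50', '3', '1']];
$rows = collect_rows($sample);   // the third row is rejected: quantity is not an integer
echo build_message($rows), "\n";
// With a live connection (settings as on the page), insert first, then send one mail:
// $conn = new mysqli('localhost', 'root', '', 'blog_samples');
// if (insert_rows($conn, $rows) > 0) mail('test123@gmail.com', 'Supplies', build_message($rows), 'From: user@gmail.com');
```

The mail headers stay fixed strings here; if a submitted address were ever used in `$to` or `$headers`, it would need its own validation before reaching `mail()`.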