$sent = 0;
if ($_POST["all"] || $_POST["check"]) {
$field = idf_escape($_POST["email_field"]);
- $result = $dbh->query("SELECT DISTINCT $field FROM " . idf_escape($_GET["select"])
+ $subject = $_POST["email_subject"];
+ $message = $_POST["email_message"];
+ preg_match_all('~\\{\\$([a-z0-9_]+)\\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
+ $result = $dbh->query("SELECT DISTINCT $field, " . implode(", ", array_map('idf_escape', array_unique($matches[1]))) . " FROM " . idf_escape($_GET["select"])
. " WHERE $field IS NOT NULL AND $field != ''"
. ($where ? " AND " . implode(" AND ", $where) : "")
. ($_POST["all"] ? "" : " AND ((" . implode(") OR (", array_map('where_check', (array) $_POST["check"])) . "))")
);
- while ($row = $result->fetch_row()) {
- if (is_email($row[0]) && mail($row[0], email_header($_POST["email_subject"]), $_POST["email_message"],
+ while ($row = $result->fetch_assoc()) {
+ $replace = array();
+ foreach ($matches[1] as $val) {
+ $replace['{$' . "$val}"] = $row[$val]; //! substitute foreign keys
+ }
+ $email = $row[$_POST["email_field"]];
+ if (is_email($email) && mail($email, email_header(strtr($subject, $replace)), strtr($message, $replace),
"MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 8bit"
. (is_email($_POST["email_from"]) ? "\nFrom: $_POST[email_from]" : "") //! should allow address with a name but simple application of email_header() adds the default server domain
)) {
projects / adminer.git / commitdiff