OK - I have this page of code that allows users to submit ergo (rowing) times - written in php using mysql as a database. It works perfectly, but I would like it to send an e-mail to me with the request while putting that user data "on hold" - to be accepted by me later. ie: It doesn't get submitted automatically - it gets added to a queue (I don't mind having to go into MySQL and having to add the info manually). Could someone please tell me how to change the following code so that it could do that?

Thanks in advance...


<html>
<head>
<title>Ergo Recording Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>

&nbsp;<p>
<h1>Ergo Recording Page</h1>
Simple Page where you can record your ergo times and compare them to other people.<p>
<p>
<?
if(!mysql_connect("localhost","root",""))
{
echo "<h2>Unable to connect!</h2>";
die();
}
mysql_select_db("ergos");
?>
<h2>Current Rowers</h2>
<table border=0 cellpadding=0 cellspacing=0>
<tr bgcolor=#f87820>
<td><img src=img/blank.gif width=10 height=25></td>
<td class=tabhead><img src=img/blank.gif width=200 height=6><br><b>Rower Name</b></td>
<td class=tabhead><img src=img/blank.gif width=200 height=6><br><b>Rower Club</b></td>
<td class=tabhead><img src=img/blank.gif width=50 height=6><br><b>Year Born</b>&nbsp&nbsp&nbsp&nbsp&nbsp</td>
<td class=tabhead><img src=img/blank.gif width=100 height=6><br><b>Time</b></td>
<td class=tabhead><img src=img/blank.gif width=100 height=6><br><b>Location</b></td>
<td><img src=img/blank.gif width=10 height=25></td>
</tr>

<?
if($name!="")
{
if($birthyear=="")$birthyear="NULL";
mysql_query("INSERT INTO ergos (club,name,birthyear,time,location) VALUES('$club','$name',$birthyear,'$time','$locati on');");
}
if($action=="del")
{
mysql_query("DELETE FROM ergos WHERE id=$id;");
}
$result=mysql_query("SELECT id,club,name,birthyear,time,location FROM ergos ORDER BY name;");

$i=0;
while( $row=mysql_fetch_array($result) )
{
if($i>0)
{
echo "<tr valign=bottom>";
echo "<td bgcolor=#ffffff background='img/strichel.gif' colspan=6><img src=img/blank.gif width=1 height=1></td>";
echo "</tr>";
}
echo "<tr valign=center>";
echo "<td class=tabval><img src=img/blank.gif width=10 height=20></td>";
echo "<td class=tabval><b>".$row['name']."</b></td>";
echo "<td class=tabval>".$row['club']."&nbsp;</td>";
echo "<td class=tabval>".$row['birthyear']."&nbsp;</td>";
echo "<td class=tabval>".$row['time']."&nbsp;</td>";
echo "<td class=tabval>".$row['location']."&nbsp;</td>";
echo "<td class=tabval></td>";
echo "</tr>";
$i++;
}
echo "<tr valign=bottom>";
echo "<td bgcolor=#fb7922 colspan=6><img src=img/blank.gif width=1 height=8></td>";
echo "</tr>";

?>
</table>
<h2>ADD new rower</h2>
<form action=ergos.php method=get>
<table border=0 cellpadding=0 cellspacing=0>
<tr><td>Name (Full):</td><td><input type=text size=30 name=name></td></tr>
<tr><td>Your Club:</td><td> <input type=text size=30 name=club></td></tr>
<tr><td>Year Born:</td><td> <input type=text size=4 name=birthyear></td></tr>
<tr><td>2K Time:</td><td> <input type=text size=10 name=time value="00:00:00"></td></tr>
<tr><td>Location:</td><td> <input type=text size=30 name=location></td></tr>
<tr><td></td><td>
<input type=submit border=0 value="ADD ROWER"></a></td></tr>
</table>
</form>
<p>
</body>
</html>


It won't look too pretty without the stylesheet or images but it's too much hassle to upload them...

If I were you I would design your mysql schema something like this:

users (
userid auto increment primary key,
uname varchar(64) index unique,
password varchar(256) NOT NULL,
email_address varchar(256),
)


times (
submission_id auto increment primary key,
racename varchar(255),
userid references users(userid),
atime timestamp,
approved boolean
)


That would give you a normalized set of tables that are referential; and it would give you the ability to approve a time before it's displayed. If you have sendmail set up on the box (which you will need), you can use mail(). If not you should read the RFC for SMP [but only if there is some overriding reason not to use sendmail] and perhaps roll your own mailing method; or use pear's.

Another thing I noticed about your script is it relies on registered globals rather than using the post super global, this is a bad habbit, it should stop. Instead of using $variablename for a post value start using $_POST['name']. You also have no input sanitization going on in your script, you should be using mysql_escape_string if magicquotes is not turned on. Registering globals is especially bad if you are not in the habit of initializing all variables before their use; it could result in variable poisoning.