<?php include_once 'include/base/page.php'; include_once 'include/mysql.php'; include_once 'include/functions.php'; $id = $_GET['card_id']; //The Andrew Clause: //A friend of mine sent a real card to his mom already, and since the mail text was not updated, his card would be broken without this line. ;) if (!$id) { $id = $_GET['id']; } $page = new Page(); $page->begin(); $get_card = "SELECT `to_first_name`, `to_last_name`, `template_id`, `message`, `sender_id` FROM `cards` WHERE `hash_id`='" . $mysqli->real_escape_string($id) . "'"; $record = $mysqli->query($get_card) or die; if (!$record) { echo "Error: " . $mysqli->error; } ?> <h1>Thank you for sending your card!</h1> <div id="final-card"> <?php while ($card_object = $record->fetch_assoc()) { echo '<img src="/image.php?card_id=' . $id . '" class="final-card">'; $get_sender = "SELECT `first_name`, `email_address` FROM `senders` WHERE `id`='" . $card_object['sender_id'] . "'"; $sender_object = $mysqli->query($get_sender) or die; break; } ?>