Untitled

Setup database as follows:
-----------------------------
| id   email   string   used|
-----------------------------

The `used` column is used (lol) to see if the code has been used (lol) yet
It's there just in case the row DOESN'T delete due to an error. If someone
tries to reuse the same code, it won't work because the value will be 1 instead
of the normal inputted 0.
<?php
    function safeEmail($email) {
    $email = eregi_replace('#','', $email);
    $length = strlen($email);
    for ($i = 0; $i < $length; $i++)
        $obfuscatedEmail .= "&#" . ord($email[$i]);  // creates ASCII HTML entity
    $return = '<a href="mailto:' . $obfuscatedEmail . '">'.$obfuscatedEmail.'</a>';
    return $return;
    }

    function check4email($string){
    $pattern = "#[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})#";
    preg_match_all($pattern, $string, $split);
    foreach ($split[0] as $value) {
        $email_to_find = '#' . $value . '#';
        $string = eregi_replace($email_to_find,safeEmail($value),$string);
    }
    return $string;
    }

?>
<?php
    //Housekeeping connectivity crap...
    $mysql_host = '';
    $mysql_username = '';
    $mysql_password = '';
    $db = '';

    mysql_connect($mysql_host,$mysql_username,$mysql_password);
    mysql_select_db($db);

    $e = $_GET['e'];
    $c = $_GET['c'];

    if(($e != "") && ($c != "")){
        $sql = "SELECT * FROM `donate` WHERE email = '$e' AND string = '$c'";
        if(mysql_num_rows($sql) != 1){
            die("ERROR: invalid values");
        } else {
            $email = check4email($e);
            $sql2 = "UPDATE `donate` SET used = 1 WHERE email = '$e' AND string = '$c'";
            $sql3 = "DELETE FROM `donate` WHERE email = '$e' AND string = '$c' LIMIT 1";
            if((mysql_query($sql2)) && (mysql_query($sql3))){
                //*******************************
                //
                //PUT CODE HERE TO UPGRADE PERSON
                //
                //*******************************
                mail($email, 'Upgrade', 'You have been upgraded!', 'From: service@paypal.com');
            } else {
                die("There was an error. Please try your request again.");
            }
        }
    } else {
        //This variable has to come from somewhere else...maybe some post data?
        $email = 'guitarman0831@aol.com';

        //The encoded email address, to be written to DB and in url
        $emailencode = safeEmail($email);

        //URL to send the donator
        //Use e as email and c as code, to avoid figuring out what the URL means
        $url = 'whateverdomain.com?e=' . $emailencode . '&c=' . $string;

        //Create your own message for the email, just putting this one for now
        $message = "Thank you for donating! Your unique link is " + $url;

        //Subject!
        $subject = "Donation";

        //Who should the email be from?
        $from = 'service@paypal.com'; //lol

        //Generate MD5 string!
        $length = 10;
        $characters = ‘0123456789abcdefghijklmnopqrstuvwxyz’;
        for ($p = 0; $p < $length; $p++) {
            $string .= $characters[mt_rand(0, strlen($characters))];
        }

        $sql = "INSERT INTO `donate` VALUES ('','$emailencode','$string','0')";
        if(mysql_query($sql)){
            mail($email, $subject, $message, "From: " . $from);
            die("Thank you for the donation!");
        } else {
            die("Oops! Something went wrong! Please try your query again.");
        }
    }
?>