rog1121 (Posted April 25, 2011)

I have a Feedback form that I use to get people's input. So far it works, but I have 2 problems. Here is the code:

```php
<?php
include "includes/config.php";
$date = date('jS \of F h:i A');
$sql="INSERT INTO news (name, email, comments, date) VALUES ('$_POST[Name]', '$_POST[email]', '$_POST[comments]', '$date')";
header( 'Location: thanks.php' );
mysql_close($con)
?>
```

I'm making a VB.net Feedback form and I want to input like this:

http://mysite.com/feedback.php?name=Mike&email=test@test.net&comments=comment&date=20th of April 12:30 AM

But so far from my testing it doesn't register the values and says that there is a Duplicate value for email ". I'd like it to register values somehow, and if there is a duplicate email entered then have it update it or write over it.

Any help appreciated, Thanks!

spiderwell (Posted April 25, 2011)

You are trying to retrieve using $_POST, which is the POST method in a form, but the long URL string is using the $_GET method.

Also, raw form data in an SQL statement leaves you wide open to SQL injection.

rog1121 (Posted April 25, 2011)

I see. Is there any way I could secure it and at the same time achieve the URL Submit?

rog1121 (Posted April 26, 2011)

Bump

spiderwell (Posted April 26, 2011)

How do you want the submission done, via a form or a link?

Usually a link is GET method, and you will see the info in the address bar.
A form is POST method, and info is hidden when sent.

saurabhx (Posted April 26, 2011)

There is nothing wrong or insecure about sending data through GET, as long as you are not sending sensitive data like a password or anything. To secure your code from SQL injection attacks, you have to sanitize the user input variables before using them in a query. For MySQL, you can use PHP's addslashes() or mysql_real_escape_string() to escape special characters.

By the way, it is better to use $_POST['Name'] instead of $_POST[Name].

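An added example, not code from any poster in this thread: one way to handle the feedback submission with PDO prepared statements (a different technique from the escaping functions mentioned above), combined with an upsert so a repeated email overwrites the earlier row. The helper name save_feedback(), the UNIQUE constraint on email and the in-memory SQLite database that lets the demo run offline are assumptions; the MySQL form of the upsert clause is in the comments.

```php
<?php
// Added example: save_feedback() is a hypothetical helper; table layout assumed from the post.
// The demo uses in-memory SQLite so it runs offline. On MySQL, connect with a mysql: DSN
// and replace the ON CONFLICT clause with:
//   ON DUPLICATE KEY UPDATE name = VALUES(name), comments = VALUES(comments), date = VALUES(date)

function save_feedback(PDO $db, array $in): bool
{
    // Read only the expected fields; anything missing becomes an empty string.
    $name     = trim((string)($in['name'] ?? ''));
    $email    = trim((string)($in['email'] ?? ''));
    $comments = trim((string)($in['comments'] ?? ''));

    // Reject empty or malformed input before touching the database.
    if ($name === '' || $comments === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    // Placeholders keep user data out of the SQL text, so quotes in the input stay data.
    $stmt = $db->prepare(
        'INSERT INTO news (name, email, comments, date)
         VALUES (:name, :email, :comments, :date)
         ON CONFLICT(email) DO UPDATE SET
             name = excluded.name, comments = excluded.comments, date = excluded.date'
    );
    return $stmt->execute([
        ':name' => $name, ':email' => $email, ':comments' => $comments,
        ':date' => date('jS \of F h:i A'),   // set server-side, not taken from the URL
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (name TEXT, email TEXT UNIQUE, comments TEXT, date TEXT)');

// Constructed sample requests, shaped like $_GET for the URL in the question.
$requests = [
    ['name' => 'Mike', 'email' => 'test@test.net', 'comments' => 'first comment'],
    ['name' => 'Mike', 'email' => 'test@test.net', 'comments' => "it's been updated; thanks"],
    ['name' => 'Eve',  'email' => 'not-an-email',  'comments' => 'never stored'],
];
foreach ($requests as $r) {
    echo save_feedback($db, $r) ? "saved\n" : "rejected\n";
}
// One row remains for test@test.net, holding the second comment with its apostrophe intact.
foreach ($db->query('SELECT name, email, comments FROM news') as $row) {
    echo "{$row['name']} <{$row['email']}>: {$row['comments']}\n";
}
```

In the actual script, pass `$_GET` as the second argument for the URL submit or `$_POST` for the web form.
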
rog1121 (Posted April 26, 2011)

Well, I have both an online form and, since I sell software, I would like to integrate this into the program. The software uses the URL method where it is visible.

rog1121 (Posted April 26, 2011)

OK I got it working with a different form and I'll fix the SQL Injection later. Thanks for the help guys!