StevenJacobs Posted January 3, 2013 Share Posted January 3, 2013 Hey, im new to the forum. I just started getting into php, so im sure this is probably a easy fix. Iv been searching for 2 days for a solution and none of them have worked, starting to get frustrated so I'm hoping somebody can help me out. I have a basic form with a text feild and submit button for subscribing to a email newsletter. Its inserting fine into my database but iv been trying to get it to validate tht it is an email and to prevent null from being enter.. I was just able to get the validation to half work. If you type in a non email it will show an error saying its not valid BUT it still enters it into my database. The code is below. im useing dreamweaver cs6, so im guessing the php code that dreamweaver used to insert the record is being sent first before the validation code, im guessing i need to combine the two somehow and tell it which order to use? or what am i doing wrong? Thank you for any help. <?php require_once('Connections/subscribers.php'); ?> <?php if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } else { $errors .= 'Please enter your email address.<br/>'; } { echo '<div style="color: red">' . $errors . '<br/></div>'; } if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); mysql_select_db($database_subscribers, $subscribers); $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } ?> <form name="form01" action="<?php echo $editFormAction; ?>" method="POST" id="email"> <input type="submit" name="submit" value="Subscribe:"> <input type="text" name="email" onfocus="if (this.value == 'Email...') {this.value = '';}" onblur="if (this.value == '') {this.value = 'Email...';}" value="<?php echo $_POST['email']; ?>"/> <input type="hidden" name="MM_insert" value="email"> </form> Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted January 4, 2013 Share Posted January 4, 2013 First thing, Welcome to the forums. There are a couple of things I'd like to cover. first is Don't use Dreamweaver for coding PHP. It's a good design tool, but sucks ass as a development tool (IMO). I would suggest a couple of alternatives : eclipse (if you don't mind learning how to set it up with php support) pspad/notepad++/sublime text - these are text editors that provide code highlighting and syntax help As much as I hat to say it Microsoft Expression Web 4 is a decent paid for solution Zend Studio 9 is also a paid for IDE (Integrated Development Environment) that comes with a few extras (but a somewhat over zealous error detection) Next up, when posting code in the forums please wrap it inside either php or code bbtags. Finaly, to address the problem with the code, you need to wrap your database insert section of the script inside an else for your logic check. so some simple psudocode would look like this : IF no email entered OR IF email is bad > Show Error ELSE > Add email to database Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 4, 2013 Author Share Posted January 4, 2013 (edited) awesome! thank you for the help, i knew it was going to be something very simple.. that makes alot of sence. thank you for the suggestions as well, i will look into them. sorry for not posting the code correctly, i didnt know. But that fixed the problem and created a new one.. It is not entering non validated information in the database now, but it is also not entering valid information into it either. Any ideas what is going on? Edited January 4, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted January 4, 2013 Share Posted January 4, 2013 let's see your updated code so we can see what's happening now. Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 4, 2013 Author Share Posted January 4, 2013 Of course.. This is the correct way to post code right? <?php require_once('Connections/subscribers.php'); ?> <?php if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } else { $errors .= 'Please enter your email address.<br/>'; } { echo '<div style="color: red">' . $errors . '<br/></div>'; } } else { if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); mysql_select_db($database_subscribers, $subscribers); $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } ?> <form action="<?php echo $editFormAction; ?>" name="form1" method="POST"> Email Address: <br/> <input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/> <br/><br/> <input type="submit" name="Submit" /> <input type="hidden" name="MM_insert" value="form1" /> </form> Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 4, 2013 Share Posted January 4, 2013 Try to use this pattern in your switch statement. $theValue = ($theValue != "") ? "'" . $theValue . "'" : FALSE; Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 4, 2013 Author Share Posted January 4, 2013 To make sure im understanding this. you mean change $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; to $theValue = ($theValue != "") ? "'" . $theValue . "'" : FALSE; ? If so, that did not work. Still not getting any data inserted. Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 4, 2013 Share Posted January 4, 2013 Put this line of code on the top of the page and run the script again: error_reporting(-1); Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 4, 2013 Author Share Posted January 4, 2013 (edited) sweet, that is going to be a useful code. thank you.. so its giving me three errors depending on if i type in an email no email or wrong email. Telling me the same thing, just on different lines. This if i type in an email: Strict Standards: main() [function.main]: It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CST/-6.0/no DST' instead in /home/steven/public_html/testing.php on line17 Notice: Undefined variable: errors in /home/steven/public_html/testing.php on line 17 This if i type in a wrong email: Strict Standards: main() [function.main]: It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CST/-6.0/no DST' instead in /home/steven/public_html/testing.php on line12 Notice: Undefined variable: errors in /home/steven/public_html/testing.php on line 12 and this is i type in no email: Strict Standards: main() [function.main]: It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CST/-6.0/no DST' instead in /home/steven/public_html/testing.php on line15 Notice: Undefined variable: errors in /home/steven/public_html/testing.php on line 15 Heres the lines: 7 if (isset($_POST['Submit'])) { 8 9 if ($_POST['email'] != "") { 10 $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); 11 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 12 $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; 13 } 14 } else { 15 $errors .= 'Please enter your email address.<br/>'; 16 } { 17 echo '<div style="color: red">' . $errors . '<br/></div>'; 18 } 19 } else { Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 5, 2013 Share Posted January 5, 2013 (edited) Run that one and post back the result: <?php require_once('Connections/subscribers.php'); date_default_timezone_set('America/Chicago'); $errors = NULL; if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } else { $errors .= 'Please enter your email address.<br/>'; } { echo '<div style="color: red">' . $errors . '<br/></div>'; } } else { if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); mysql_select_db($database_subscribers, $subscribers); $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } ?> <form action="<?php echo $editFormAction; ?>" name="form1" method="POST"> Email Address: <br/> <input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/> <br/><br/> <input type="submit" name="Submit" /> <input type="hidden" name="MM_insert" value="form1" /> </form> EDIT: Instead of "NULL" use FALSE in your switch statement. Edited January 5, 2013 by jazzman1 Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 (edited) ok its working fine now if i use a non valid email or empty email, no errors. but its still not entering a valid email into the database and its giving me a new error. Heres the error: Notice: Undefined variable: errors in /home/steven/public_html/testing.php on line 19 Heres the code: 9 if (isset($_POST['Submit'])) { 10 11 if ($_POST['email'] != "") { 12 $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); 13 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 14 $errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; 15 } 16 } else { 17 $errors .= 'Please enter your email address.<br/>'; 18 } { 19 echo '<div style="color: red">' . $errors . '<br/></div>'; 20 } 21 } else { Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 5, 2013 Share Posted January 5, 2013 Don't use $_SERVER['PHP_SELF']. ChristianF has a good tutorial in that forum how to use it. Try, <?php include ('Connections/subscribers.php'); date_default_timezone_set('America/Chicago'); if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors = "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } if (isset($errors)) { echo '<div style="color: red">' . $errors . '<br/></div>'; return false; } if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); mysql_select_db($database_subscribers, $subscribers); $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form1" method="POST"> Email Address: <br/> <input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/> <br/><br/> <input type="submit" name="Submit" /> <input type="hidden" name="MM_insert" value="form1" /> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 (edited) awesome that works!.. It is now entering valid emails and not entering null or invalid emails. ill have to check that out, thank you for the help. One question tho. how come after i hit submit the form and submit button now disappear, is there a way to show the error or a success message with the form and submit button still visible? Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 (edited) Sorry to bug you, u have already helped me out tremendously. but i have one last question. how can i validate that the email isn't in the database, to prevent multiple same emails being entered? Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 5, 2013 Share Posted January 5, 2013 (edited) @StevenJacobs, sorry for the delay I had a plumbing issue in my apartment. It could be something like this: <?php include ('Connections/subscribers.php'); date_default_timezone_set('America/Chicago'); if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors = "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } if (isset($errors)) { echo '<div style="color: red">' . $errors . '<br/></div>'; return false; } if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { mysql_select_db($database_subscribers, $subscribers); $check_email = sprintf("SELECT `EMAIL` FROM `subscribers` WHERE `EMAIL` = '%s'", GetSQLValueString($_POST['email'], "text")); $result = mysql_query($check_email, $subscribers) or die(mysql_error()); if(mysql_num_rows($result) > 0) { echo 'Sorry, but this email has been already taken'; return false; } $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form1" method="POST"> Email Address: <br/> <input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/> <br/><br/> <input type="submit" name="Submit" /> <input type="hidden" name="MM_insert" value="form1" /> </form> <?php } ?> Edited January 5, 2013 by jazzman1 Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 (edited) oh thats no problem-oh man. thats exactly what i was trying to work with early. but its giving an error code and not inserting valid emails. Notice: Undefined variable: editFormAction in /home/steven/public_html/testing.php on line 59 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'art.stevenjacobs@yahoo.com''' at line 1 58 if (isset($_SERVER['QUERY_STRING'])) { 59 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); 60 } Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 5, 2013 Share Posted January 5, 2013 (edited) Try, <?php include ('Connections/subscribers.php'); date_default_timezone_set('America/Chicago'); if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors = "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } if (isset($errors)) { echo '<div style="color: red">' . $errors . '<br/></div>'; return false; } if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { mysql_select_db($database_subscribers, $subscribers); $check_email = sprintf("SELECT `EMAIL` FROM `subscribers` WHERE `EMAIL` = '%s'", GetSQLValueString($_POST['email'], "text")); $result = mysql_query($check_email, $subscribers) or die(mysql_error()); if(mysql_num_rows($result) > 0) { echo 'Sorry, but this email has beed already taken'; return false; } $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } else { $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } ?> <form action="<?php echo $editFormAction; ?>" name="form1" method="POST"> Email Address: <br/> <input type="text" name="email" value="" size="50"/> <br/><br/> <input type="hidden" name="MM_insert" value="form1" /> <input type="submit" name="Submit" /> </form> <?php } ?> EDIT: I want to know, what action do you get when the form has been submitted? Put it this line of code immediately after if (isset($_POST['Submit'])) and give the result back : if (isset($_POST['Submit'])) { echo '<pre>.print_r($editFormAction, true).'</pre>; exit; etc........... Edited January 5, 2013 by jazzman1 Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 well that took away the first error, but still not inserting valid emails. now its just saying: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'art.stevenacobs@yahoo.com''' at line 1 Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 5, 2013 Share Posted January 5, 2013 (edited) OK, after $insertSQL on the line #69, put it this line of code and give me back the result: $insertSQL = sprintf("INSERT INTO subscribers (EMAIL) VALUES (%s)", GetSQLValueString($_POST['email'], "text")); echo $insertSQL; exit; Also, enclose %s with single quotes. How many numbers of columns you have in table, named: subscribers ? $insertSQL = sprintf("INSERT INTO subscribers (`EMAIL`) VALUES ('%s')", GetSQLValueString($_POST['email'], "text")); Edited January 5, 2013 by jazzman1 Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 5, 2013 Share Posted January 5, 2013 The query error is actually occurring in the SELECT query, because there are single-quotes in the query statement and the DW GetSQLValueString() function is adding single-quotes around the value, giving two sets of single-quotes, which breaks the sql syntax. Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 it didnt change anything Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 (edited) still didnt change anything. and i only have two columns. ID and EMAIL. Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted January 5, 2013 Share Posted January 5, 2013 Let us see your code. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 5, 2013 Share Posted January 5, 2013 See post #20 in this thread, that I made while you were writing your reply in post #21. Quote Link to comment Share on other sites More sharing options...
StevenJacobs Posted January 5, 2013 Author Share Posted January 5, 2013 (edited) Sure. <?php include ('Connections/subscribers.php'); date_default_timezone_set('America/Chicago'); if (isset($_POST['Submit'])) { if ($_POST['email'] != "") { $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors = "$email is <strong>NOT</strong> a valid email address.<br/><br/>"; } } else { $errors .= 'Please enter your email address.<br/>'; } if (isset($errors)) { echo '<div style="color: red">' . $errors . '<br/></div>'; return false; } if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { mysql_select_db($database_subscribers, $subscribers); $check_email = sprintf("SELECT `EMAIL` FROM `subscribers` WHERE `EMAIL` = '%s'", GetSQLValueString($_POST['email'], "text")); $result = mysql_query($check_email, $subscribers) or die(mysql_error()); if(mysql_num_rows($result) > 0) { echo 'Sorry, but this email has beed already taken'; return false; } $insertSQL = sprintf("INSERT INTO subscribers (`EMAIL`) VALUES ('%s')", GetSQLValueString($_POST['email'], "text")); echo $insertSQL; exit; $Result1 = mysql_query($insertSQL, $subscribers) or die(mysql_error()); } } else { $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form1" method="POST"> Email Address: <br/> <input type="text" name="email" onfocus="if (this.value == 'Email...') {this.value = '';}" onblur="if (this.value == '') {this.value = 'Email...';}" value="<?php echo $_POST['email']; ?>Email..." size="50"/> <br/><br/> <input type="submit" name="Submit" /> <input type="hidden" name="MM_insert" value="form1" /> </form> <?php } ?> Edited January 5, 2013 by StevenJacobs Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.