Forgive me if I am not posting this in the right way. I will try and format the code correctly and ask the right questions.
I have created a script that upon html form completion does 2 things. 1, I am using a phpformmail script to send the form results to an email address. 2. I am using code off a tutorial to insert records into a MYSQL database. From a securtity point of view is this a dumb way to go about achieving the 2 desired functions? Should I seperated the formmail and insert record script? What is the best way to accomplish this? Any feedback would be apprecitaed.
I will post the script below.
<?php $username="user"; $password="pass"; $database="contact"; $first=$_POST['first']; $last=$_POST['last']; $phone=$_POST['phone']; $mobile=$_POST['mobile']; $fax=$_POST['fax']; $email=$_POST['email']; mysql_connect("localhost",$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email')"; mysql_query($query); mysql_close(); ?>