Inserting into database


jbrill


I'm having a serious mind blockage right now. Here's the problem:

 

On my home page I have a form for newsletter sign-up. The customer enters their email in a text field and hits submit; once submit is clicked, it processes the form in "newsletter.php". I need to GET the email from the URL and then insert it into table newsletter, row "email".

 

Here's my messed-up code so far... I don't even know if I'm even close...

<?php

if($_GET['email']!="")
{

$newsletter = 'INSERT INTO newsletter (email) VALUES (".$_GET['email'].")';

}
?>

 

 

Link to comment
Share on other sites

Assuming you've already connected to the database and everything?

 

Then you should first:

 

$filteredemail = htmlspecialchars($_GET['email']);

 

// Check if the email is valid

 

then

 

$newsletters = mysql_query("INSERT INTO `newsletter.email` VALUES '" . $filteredemail . "'") or die("Unable to add entry");

 

Link to comment
Share on other sites

Is that it? If it is, you're halfway there.

 

You now need to run that query by using the mysql_query function - make sure you have connected to the database first before you run it.

 

Also make sure you have validated any data that is being used within an SQL query and made it safe. Never use raw GET or POST data. If you do not validate/make data safe for use within an SQL query, your database can be exploited using SQL injection - search Google for that term. There are many sites out there that explain what it is and how to avoid it.

 

EDIT: jscix beat me :-) but make sure you pay attention to what I said in the paragraph above ^^^

Link to comment
Share on other sites
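
The validation and safe-query advice in the post above, as an added example that is not code from any poster in this thread: the address is checked with filter_var and inserted through a PDO prepared statement rather than string concatenation (the mysql_* functions used in the thread were removed in PHP 7). The newsletter table and email column are from the thread; the in-memory SQLite DSN, the UNIQUE constraint and the subscribe() helper are assumptions made so the example runs on its own.

```php
<?php
// Added example, not code from the thread. Assumptions: SQLite in memory so it
// runs offline (for MySQL, use a 'mysql:host=...;dbname=...' DSN instead), a
// UNIQUE constraint on email, and the hypothetical helper name subscribe().

function subscribe(PDO $db, $rawEmail): string
{
    // 1. Validate: reject anything that is not a syntactically valid address.
    $email = filter_var(trim((string) $rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid';
    }

    // 2. Bind, never concatenate: the value is sent separately from the SQL
    //    text, so a quote inside it cannot change the statement.
    $stmt = $db->prepare('INSERT INTO newsletter (email) VALUES (:email)');
    try {
        $stmt->execute([':email' => $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate address).
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        error_log($e->getMessage()); // log the detail, do not echo it to users
        return 'error';
    }
    return 'added';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE newsletter (email TEXT NOT NULL UNIQUE)');

// Constructed sample inputs standing in for $_POST['email'].
$samples = [
    'alice@example.com',
    'alice@example.com',     // same address submitted twice
    "o'brien@example.com",   // valid address that contains a quote character
    "x' OR '1'='1",          // not an email address at all
    '',                      // empty form field
];
foreach ($samples as $input) {
    printf("%-24s => %s\n", $input === '' ? '(empty)' : $input, subscribe($db, $input));
}
$count = $db->query('SELECT COUNT(*) FROM newsletter')->fetchColumn();
echo "rows stored: $count\n";
```

The address with the apostrophe is the case to watch: it passes validation, so only the bound parameter keeps it from breaking a query built by concatenation. htmlspecialchars() is an HTML output encoder and belongs where the address is displayed, not where it is stored.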

You need to POST the email first, e.g.

 


$email=$_POST['email'];

$newsletter = "INSERT INTO newsletter (email) Value ('$email')";
$rst = mysql_query($newsletter) or die("Could Not Insert");




The last line of code, the "or die" statement, could be removed; I use it to know if I have a problem with my queries.

Link to comment
Share on other sites

OK, so I used the following code and it is saying "unable to add entry".

<? include 'includes/dbconnect.php' ?>
<?php
$filteredemail = htmlspecialchars($_GET['email']);

// Check if the email is valid


$newsletters = mysql_query("INSERT INTO `newsletter.email` VALUES '" . $filteredemail . "'") or die("Unable to add entry");
?>

 

What's the problem? And how do I secure it in the database as you were talking about?

 

PS I also tried the following code:

email=$_POST['email'];

$newsletter = "INSERT INTO newsletter (email) Value ('$email')";
$rst = mysql_query($newsletter) or die("Could Not Insert");

 

and I was getting the could not insert error as well.

Link to comment
Share on other sites

<?php
$newsletter = "INSERT INTO newsletter (email) VALUES ('$email')";
$rst = mysql_query($newsletter) or die("Could Not Insert:<br />MySQL Error:" . mysql_error()); // add this when debugging to produce the error

 

The issue was that "VALUE" should have been "VALUES"; that should solve the insert problem.

Link to comment
Share on other sites
