Jump to content

Inserting into database

jbrill

By jbrill
in PHP Coding Help

 Share

Recommended Posts

jbrill Regular Member

jbrill

Posted
Posted

Im having serious mind blockage right now, Heres the problem:

 

on my home-page i have a form for newsletter sign up, the customer enters their email in a text field and hits submit, once submit is clicked it process the form in "newsletter.php" I need to  GET the email from the url and then insert it into table newsletter, row "email"

 

heres my messed up code so far.. i don't even know if i'm even close...

<?php

if($_GET['email']!="")
{

$newsletter = 'INSERT INTO newsletter (email) VALUES (".$_GET['email'].")';

}
?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/58281-inserting-into-database/
Share on other sites
jscix Member

jscix

Posted
Posted

Assuming you've already connected to the database and everything?

 

Then you should first:

 

$filteredemail = htmlspecialchars($_GET['email']);

 

// Check if the email is valid

 

then

 

$newsletters = mysql_query("INSERT INTO `newsletter.email` VALUES '" . $filteredemail . "'") or die("Unable to add entry");

 

wildteen88 Regular Member

wildteen88

Posted
Posted

Is that it? If its you're halsf way there.

 

You need to now run that query  by using mysql_query function - make sure you have connected to the database first before you run it.

 

Also make sure you have validated and made any data that being used within an SQL is safe. Never use raw GET or POST data. If you do not validate/make data safe for use within an SQL query you database can be exploited using SQL Injection - search google for that term. There are many sites out there that explain what it is and how to avoid it.

 

EDIT: jscix beat me :-) but make sure you pay attention to what I said in the paragraph above ^^^

Varma69 Newbie

Varma69

Posted
Posted

You need to POST the email first. eg.

 


$email=$_POST['email'];

$newsletter = "INSERT INTO newsletter (email) Value ('$email')";
$rst = mysql_query($newsletter) or die("Could Not Insert");


[\code]


The last line of code the "or die" statement could be removed, I use it to know if i have a problem with my queries

jbrill Regular Member

jbrill

Posted
  • Author
Posted

ok, so i used the following code and it is saying "unable to add entry"

<? include 'includes/dbconnect.php' ?>
<?php
$filteredemail = htmlspecialchars($_GET['email']);

// Check if the email is valid


$newsletters = mysql_query("INSERT INTO `newsletter.email` VALUES '" . $filteredemail . "'") or die("Unable to add entry");
?>

 

Whats the problem? and how do i secure it in the database as you were talking about

 

PS I also tried the following code: 

email=$_POST['email'];

$newsletter = "INSERT INTO newsletter (email) Value ('$email')";
$rst = mysql_query($newsletter) or die("Could Not Insert");

 

and i was getting the could not insert error aswell..

per1os Member

per1os

Posted
Posted 

<?php
$newsletter = "INSERT INTO newsletter (email) VALUES ('$email')";
$rst = mysql_query($newsletter) or die("Could Not Insert:<br />MySQL Error:" . mysql_error()); // add this when debugging to produce the error

 

The issue was the "VALUE" should of been "VALUES" that should solve the insert problem

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.