  1. #1
    Shane Is My Name (SitePoint Enthusiast)

    Should I not allow a form to auto fill my MySQL database?

    Hello, I have an online form where a customer answers over 50 questions. It gets emailed to me... then I manually enter most of the data into a MySQL database (via website / PHP)...

    I want to just set the form to automatically populate the MySQL database... but is this kind of dangerous, since before only I had access to the database, but now the form would have access (and anybody, basically)?

    It would save me a lot of manual data entry, but is it worth it just to keep the customers separated from my database?

    Just looking for opinions
    Shane

  2. #2
    guelphdad (SitePoint Wizard)

    Sanitize the data before it goes in the table. Look up SQL injections and plan accordingly. In PHP, for instance, you can use the mysql_real_escape_string function.

    How many large sites do you think manually load data into their forms after retrieving it in an email?

  3. #3
    Shane Is My Name (SitePoint Enthusiast)

    Thanks.

    I was initially trying to have the email itself piped so that I could populate the table, but I could not comprehend the procedure at all. I read & researched all day & night... it's just too complicated for me. lol. Unfortunately.

    So then I decided to just have the form go directly into the MySQL database once they submitted it...

    Thanks for pointing out the mysql_real_escape_string... I'm definitely going to use that... Would I still need to use parameterized SQL or stored procedures? Asking because they seem to be much more complicated to understand... but if it's best to use all, then I'll start trying to figure them out as well.

    Thanks for your time...
    I'm still learning.
    Shane
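
The parameterized SQL asked about in the last post, as an added example that is not part of any post in this thread: a form handler that reads only the expected fields, validates them, and inserts them through a PDO prepared statement. The table, column names, field list and length limits are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline; in a real handler `$_POST` would be passed as `$post`.

```php
<?php
// Added example. Table, columns, field list and limits are assumptions.
// SQLite in memory stands in for MySQL so this runs offline; for MySQL only
// the DSN changes (and set PDO::ATTR_EMULATE_PREPARES to false there).
const FIELDS = ['name' => 100, 'email' => 254, 'q1' => 500]; // field => max bytes

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE answers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, q1 TEXT)');
    return $db;
}

function save_answers(PDO $db, array $post): int {
    $row = [];
    foreach (FIELDS as $field => $max) {   // only expected fields are read
        $value = $post[$field] ?? null;
        if (!is_string($value) || trim($value) === '' || strlen($value) > $max) {
            throw new InvalidArgumentException("missing or invalid field: $field");
        }
        $row[$field] = trim($value);
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // The SQL text is fixed; submitted values are bound as data, never spliced in.
    $stmt = $db->prepare('INSERT INTO answers (name, email, q1) VALUES (:name, :email, :q1)');
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

$db = open_db();
// Constructed submission: q1 carries quote characters and SQL keywords.
$id = save_answers($db, [
    'name'  => "Pat O'Brien",
    'email' => 'pat@example.com',
    'q1'    => "fine'); DROP TABLE answers; --",
    'extra' => 'ignored because it is not in FIELDS',
]);
$check = $db->prepare('SELECT name, q1 FROM answers WHERE id = ?');
$check->execute([$id]);
print_r($check->fetch(PDO::FETCH_ASSOC));  // text comes back exactly as submitted

try {  // constructed bad submission: an array where a string is expected
    save_answers($db, ['name' => ['x'], 'email' => 'a@example.com', 'q1' => 'ok']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

On MySQL, the account the form connects with needs only the INSERT privilege on this one table, which limits what the form can do with its database access.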

