  1. #1
    SitePoint Zealot
    Join Date
    Oct 2010
    Posts
    167

    INSERT INTO an SQL Database

    Hi all,

    I am trying to store data entered into a form on a webpage in an SQL Database. I am using PHP to send the data to the database - The same script also handles the sending of an email to a specified person. I have included the entire script below, as I'm not sure where exactly the error is. The email is working fine and I'm not getting any error messages either on screen or on my server's error log. But for some reason, the data is just not making its way on to the database. When I view the database, it's still empty. I have checked all of the database details (username, password, name, host etc...) and it is all correct.

    I'm hoping somebody can point me in the right direction. Here is the script (I have blanked out the database details but they are present and are correct in the actual script).

    PHP Code:
    <?php

    if (isset($_POST['youremail']))
    {

    // Collect the submitted form fields
    $url = "http://ivegotkids.com/aries";
    $email = $_POST['email'];
    $youremail = $_POST['youremail'];
    $igkmail = 'noreply@ivegotkids.com';
    $sender = $_POST['yourname'];
    $recipient = $_POST['friendname'];
    $subject = 'I thought you might like this.';
    $comment = $_POST['message'];
    // Build the HTML body of the e-mail
    $message = "<img src='http://ivegotkids.com/wp-content/themes/thepink/images/logo.png'><br /><br />Hi <strong>" . $recipient . ".</strong> Your friend <strong>" . $sender . "</strong> saw this horoscope on ivegotkids.com and thought you might find it interesting. Visit the page here: (" . $url . ") <br /><br />
    <strong>" . $sender . "</strong> included this message: <i>" . $comment . "</i><br /><br /><font size='1'>This is not spam. You have received this email because your friend " . $sender . " (" . $youremail . ") entered your details into our system. We may contact you again in the future with details of services we feel you may be interested in. If you do not want this then please email information@ivegotkids.com and we will remove your email address from our database.</font>";
    $from = "" . $sender . " <" . $youremail . ">";
    $headers = "From: " . $from . "\r\n";
    $headers .= "Reply-To: " . strip_tags($_POST['youremail']) . "\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    mail($email, $subject, stripslashes($message), $headers);

    echo "Thank you! Your mail has been sent.";

    // Connect to the database
    $con = mysql_connect('xx.xx.xx.xx','xxxxxxxx','xxxxxxxx');
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db('xxxxxxx', $con);

    // Store both contacts; the form values are concatenated straight into the SQL string
    mysql_query("INSERT INTO emails (Name, Email) VALUES ('" . $sender . ", " . $youremail . "')");
    mysql_query("INSERT INTO emails (Name, Email) VALUES ('" . $recipient . ", " . $email . "')");

    mysql_close($con);


    }
    else
    {
    echo 
    '
    <img src="http://ivegotkids.com/wp-content/themes/thepink/images/logo.png">
    <br /><br />
    <span class="formtitle">Send "<span class="pagetitle">I\'ve Got Kids!: Aries"</span> to a friend by e-mail.</span>
    <br />
    Fill out the form below and click on submit to send this to your friend.
    <br /><br />
    <form method="post">
    Your Name: <input type="text" name="yourname" length="40"/> <br />
    Your Email: <input type="text" name="youremail" length="50"/> <br /><br>
    Friend\'s Name: <input type="text" name="friendname" length="40" /><br>
    Friend\'s E-Mail: <input type="text" name="email" length="50" /><br /><br />
    Include a message from you:<br />
    <textarea rows="4" cols="50" name="message"> </textarea><br /><br />
    <input type="submit" value="Send To Friend">
    </form><br /><br />
    <span class="font-small">All data entered into this form will be collected and stored by ivegotkids.com (mEazy LTd.) in line with our Privacy Policy.</span>'
    ;
    }

    ?>
    I would also like to make the form safe from SQL Injection but have not succeeded. I need some pointers on how to do this.

  2. #2
    SitePoint Enthusiast
    Join Date
    Sep 2011
    Location
    Utah
    Posts
    48
    Try putting "or die(mysql_error());" at the end of your mysql_query. Maybe your queries aren't working properly. You can also put this:

    ini_set('display_errors', 1);
    ini_set('log_errors', 1);
    ini_set('error_log', dirname(__FILE__) . '/error_log.txt');
    error_reporting(E_ALL);

    At the top of your php page and it will print out any errors, if you are having any. Hopefully this will help you debug it.

  3. #3
    SitePoint Zealot
    Join Date
    Oct 2010
    Posts
    167
    Hi there,

    Thank you for that suggestion. I managed to figure out through the errors displayed that I had forgotten to quote each value so it was taking it all as one value going into two columns. I have now fixed this.

    So how about my second question on how to prevent SQL Injections? Any ideas on the best way to do this? I know it's bad to input form data directly into a database so I want to check the form data first.

  4. #4
    SitePoint Zealot
    Join Date
    Oct 2010
    Posts
    167
    Got it covered. You can ignore the second question

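Added example, not part of the original thread or the poster's script: the INSERT from post #1 rewritten with a PDO prepared statement and basic input validation, printed next to the query string the concatenated version would have produced. An in-memory SQLite database stands in for the poster's MySQL server (this needs the pdo_sqlite extension), and `store_contact` and the sample submissions are constructed for illustration.

```php
<?php
// In-memory SQLite stands in for the thread's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors so a failed INSERT cannot pass silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE emails (Name TEXT NOT NULL, Email TEXT NOT NULL)');

// Hypothetical helper: validate the fields, then insert with bound parameters.
function store_contact(PDO $pdo, string $name, string $email): bool
{
    $name = trim($name);
    // Reject empty or overlong names (40 is an assumed limit).
    if ($name === '' || strlen($name) > 40) {
        return false;
    }
    // Reject anything that is not a syntactically valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so a quote in the
    // input can neither break the statement nor change its meaning.
    $stmt = $pdo->prepare('INSERT INTO emails (Name, Email) VALUES (:name, :email)');
    return $stmt->execute([':name' => $name, ':email' => $email]);
}

// Constructed sample submissions (not from the thread).
$samples = [
    ['Anna Smith', 'anna@example.com'],
    ["Pat O'Brien", 'pat@example.com'],  // apostrophe breaks a concatenated query
    ['No Address', 'not-an-email'],      // rejected by validation
];

foreach ($samples as [$name, $email]) {
    // The string the concatenated form from post #1 would send to the server.
    $concatenated = "INSERT INTO emails (Name, Email) VALUES ('" . $name . ", " . $email . "')";
    echo $concatenated, "\n";
    echo store_contact($pdo, $name, $email) ? "  stored\n" : "  rejected\n";
}

// Show what actually reached the table.
foreach ($pdo->query('SELECT Name, Email FROM emails') as $row) {
    echo $row['Name'], ' <', $row['Email'], ">\n";
}
```

The same `prepare`/`execute` calls work unchanged against MySQL by swapping the DSN for a `mysql:` one; the `mysql_*` functions used in post #1 were removed in PHP 7.0.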
