Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 187
  • Last Modified:

Gather Info from a form

Hello,
Currently there is a registration form (PHP) on  our website.  It is filled by users wanting to register to the site. Users enter infor such as name, address, email and such.  The information is kept on a table in a database.

What I would like to do is  automatically put the email typed into the email field on this form, unto a database table just for emails when the user clicks on the submit button.

Thank You
0
JParra72
Asked:
JParra72
  • 4
  • 3
1 Solution
 
Ray PaseurCommented:
The usual caveats apply about editing user input that is used in a query!!
<?php // CAPTURE EMAIL FROM POSTED FORM
 
// GET THE FIELD
$email = $_POST["email"];
 
// USE THIS OR mysql_real_escape_string() 
$email = addslashes($email);
 
// MAKE UP AN INSERT QUERY
$sql = "INSERT INTO my_table ( email ) VALUES ( \"$email\" );
/* Execute query, etc... */

Open in new window

0
 
JParra72Author Commented:
Ray,

If I don't want let the user know what I happens to the email address, do I just leave out the
/* Execute query, etc.... */    section?
0
 
Ray PaseurCommented:
You have to save those emails somewhere.  Presumably you would set up a data base table to hold those emails.  For the example, I am assuming it's called my_table.  To add the emails to the table you would use the PHP/MySQL call like this (see code snippet).

Unless your have an error that gets reported, or you choose to send something to the client machine, there is nothing exposed to the client.
// MAKE UP AN INSERT QUERY
$sql = "INSERT INTO my_table ( email ) VALUES ( \"$email\" );
if (!mysql_query($sql)) { die( mysql_error() ); }

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
JParra72Author Commented:
Ok, please bare with me,

Below is what it is currently set up to insert into a db table called 'users' and it is working fine.  The name of the table where I wish to put the value txtEmail is 'opt_in_emails'.

Can an I add the suggested code to this existing code or do I have to enclose the code you suggested in its own <?php   ?>

Thanks for putting up with me.  I am still  a novice when it comes to php.


//insert into db
    $decrypted_pass = $txtPassword;
    $txtPassword = md5($txtPassword);
    $sql = mysql_query("INSERT INTO users (firstname, lastname, address, city, state, zipcode, phone, email, username, password, market1, production1, market2, production2, market3, production3, doingbusiness, anythingelse, spokenanyone, securitieslicensed, brokerdealer, signupdate, decrypted_password, activated) VALUES ('$txtFirstName', '$txtLastName', '$txtAddress', '$txtCity', '$mnuState', '$txtZipCode', '$txtPhone',  '$txtEmail', '$txtUserName', '$txtPassword', '$chkMarket1', '$mnuProduction1', '$chkMarket2', '$mnuProduction2', '$chkMarket3', '$mnuProduction3', '$txtDoingBiz', '$txtMisc', '$txtSpokenDFW', '$rdoLicensed', '$rdoBrokerDealer', '$signupdate', '$decrypted_pass', '$txtActivated')") or die (mysql_error());
                        if(!$sql){
                      echo 'There has been an error creating your account. Please contact the webmaster.';
                        } else {
                      $userid = mysql_insert_id();
0
 
JParra72Author Commented:
Please let me know id this looks ok.
<?php // CAPTURE EMAIL FROM POSTED FORM
 
// GET THE FIELD
$signupdate = $_POST["date"];
$txtEmail = $_POST["email"];
 
 
// USE THIS OR mysql_real_escape_string() 
$txtEmail = addslashes($txtEmail);
$signupdate = addslashes($signupdate);
 
 
// MAKE UP AN INSERT QUERY
$sql = "INSERT INTO opt_in_emails ( date, email ) VALUES ( \"$signupdate\", \"$txtEmail\" );
if (!mysql_query($sql)) { die( mysql_error() ); }
 
?>

Open in new window

0
 
Ray PaseurCommented:
Yes, it looks OK, however you might want to consider some editing/cleanup on those data fields.  For example, you might want to know if it is a valid date or a valid email address (and not a string of email addresses, like a spam attacker would put in!).

But as far as it goes, your code looks good enough to start testing.  Absent any mysql error that triggers the die() command, it will be executed silently.

best regards, ~Ray
0
 
JParra72Author Commented:
thanks
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now