Gather Info from a form

Hello,
Currently there is a registration form (PHP) on  our website.  It is filled by users wanting to register to the site. Users enter infor such as name, address, email and such.  The information is kept on a table in a database.

What I would like to do is  automatically put the email typed into the email field on this form, unto a database table just for emails when the user clicks on the submit button.

Thank You
JParra72Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
The usual caveats apply about editing user input that is used in a query!!
<?php // CAPTURE EMAIL FROM POSTED FORM
 
// GET THE FIELD
$email = $_POST["email"];
 
// USE THIS OR mysql_real_escape_string() 
$email = addslashes($email);
 
// MAKE UP AN INSERT QUERY
$sql = "INSERT INTO my_table ( email ) VALUES ( \"$email\" );
/* Execute query, etc... */

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JParra72Author Commented:
Ray,

If I don't want let the user know what I happens to the email address, do I just leave out the
/* Execute query, etc.... */    section?
0
Ray PaseurCommented:
You have to save those emails somewhere.  Presumably you would set up a data base table to hold those emails.  For the example, I am assuming it's called my_table.  To add the emails to the table you would use the PHP/MySQL call like this (see code snippet).

Unless your have an error that gets reported, or you choose to send something to the client machine, there is nothing exposed to the client.
// MAKE UP AN INSERT QUERY
$sql = "INSERT INTO my_table ( email ) VALUES ( \"$email\" );
if (!mysql_query($sql)) { die( mysql_error() ); }

Open in new window

0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

JParra72Author Commented:
Ok, please bare with me,

Below is what it is currently set up to insert into a db table called 'users' and it is working fine.  The name of the table where I wish to put the value txtEmail is 'opt_in_emails'.

Can an I add the suggested code to this existing code or do I have to enclose the code you suggested in its own <?php   ?>

Thanks for putting up with me.  I am still  a novice when it comes to php.


//insert into db
    $decrypted_pass = $txtPassword;
    $txtPassword = md5($txtPassword);
    $sql = mysql_query("INSERT INTO users (firstname, lastname, address, city, state, zipcode, phone, email, username, password, market1, production1, market2, production2, market3, production3, doingbusiness, anythingelse, spokenanyone, securitieslicensed, brokerdealer, signupdate, decrypted_password, activated) VALUES ('$txtFirstName', '$txtLastName', '$txtAddress', '$txtCity', '$mnuState', '$txtZipCode', '$txtPhone',  '$txtEmail', '$txtUserName', '$txtPassword', '$chkMarket1', '$mnuProduction1', '$chkMarket2', '$mnuProduction2', '$chkMarket3', '$mnuProduction3', '$txtDoingBiz', '$txtMisc', '$txtSpokenDFW', '$rdoLicensed', '$rdoBrokerDealer', '$signupdate', '$decrypted_pass', '$txtActivated')") or die (mysql_error());
                        if(!$sql){
                      echo 'There has been an error creating your account. Please contact the webmaster.';
                        } else {
                      $userid = mysql_insert_id();
0
JParra72Author Commented:
Please let me know id this looks ok.
<?php // CAPTURE EMAIL FROM POSTED FORM
 
// GET THE FIELD
$signupdate = $_POST["date"];
$txtEmail = $_POST["email"];
 
 
// USE THIS OR mysql_real_escape_string() 
$txtEmail = addslashes($txtEmail);
$signupdate = addslashes($signupdate);
 
 
// MAKE UP AN INSERT QUERY
$sql = "INSERT INTO opt_in_emails ( date, email ) VALUES ( \"$signupdate\", \"$txtEmail\" );
if (!mysql_query($sql)) { die( mysql_error() ); }
 
?>

Open in new window

0
Ray PaseurCommented:
Yes, it looks OK, however you might want to consider some editing/cleanup on those data fields.  For example, you might want to know if it is a valid date or a valid email address (and not a string of email addresses, like a spam attacker would put in!).

But as far as it goes, your code looks good enough to start testing.  Absent any mysql error that triggers the die() command, it will be executed silently.

best regards, ~Ray
0
JParra72Author Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.