Database .php

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

ebgames56
Forum Contributor
Posts: 103
Joined: Thu Oct 06, 2011 10:43 am

Re: Database .php

Post by ebgames56 »

Nothing, it displays nothing, just a blank page.
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Database .php

Post by Celauran »

Code: Select all

<?php

if (isset($_POST['add']))
{
    require_once('mysqlCreds.php');
    $email = mysql_real_escape_string($_POST['email']);

    if (empty($email))
    {
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Please enter an email address to subscribe.</div>";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
        exit; // stop here so an empty address is never queried or inserted
    }

    $result = mysql_query("SELECT COUNT(*) FROM emailList WHERE email='$email'") or die(mysql_error());
    list($count) = mysql_fetch_row($result);
    if ($count != 0)
    {
        echo "<div style='color: #FFFFFF;'>We are sorry, but this Email address is already subscribed.</div>";
    }
    else
    {
        $query = "INSERT INTO emailList (id, email) VALUES('', '$email') ";
        mysql_query($query) or die(mysql_error());
        echo "<div style='color: #FFFFFF;'>Thank you for subscribing to the newsletter!</div>";
    }
}

?>
ebgames56
Forum Contributor
Posts: 103
Joined: Thu Oct 06, 2011 10:43 am

Re: Database .php

Post by ebgames56 »

You have them mixed up, like when an email is already in the database it adds it again and says thank you for subscribing, and when an email isn't in the database it says this email is already subscribed and doesn't add it.
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Database .php

Post by flying_circus »

Take a look at this code example. You should always validate your input and check variable existence before referencing it. You should also ALWAYS escape data before insertion into a SQL query (no exceptions).

Code: Select all

<?php
  # Is this a PostBack?
    if(isset($_POST['add'])) {
    # Imports
      require_once('mysqlCreds.php');
      
    # Variables
      $email = isset($_POST['email']) ? $_POST['email'] : '';
      
    # Validation
      if(empty($email)) {
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Please enter an email address to subscribe.</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
        exit; # Stop here so an empty address is never queried or inserted
      }
      
    # Is email address already subscribed?
      $result = mysql_query(sprintf("SELECT * FROM `emailList` WHERE `email`='%s' LIMIT 1;",
                                    mysql_real_escape_string($email))) or die(mysql_error());
                                    
    # Check Results
      $num_rows = mysql_num_rows($result);
      
      if($num_rows === FALSE)
        exit('There is a Syntax Error in your SQL query.');
        
      if($num_rows > 0) {
      # Email Address already exists in the database
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>We are sorry, but this Email address is already subscribed.</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage/'>here</a></div>";
      } else {
      # New Email Address
        mysql_query(sprintf("INSERT INTO `emailList` (`email`) VALUES('%s');",
                            mysql_real_escape_string($email))) or die(mysql_error());
                            
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Thank you for subscribing to the newsletter!</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
      }
    }
?>
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Database .php

Post by califdon »

It appears that you have omitted a line:

Code: Select all

} else {

before your insert, so when the email does match one in the database it tries to add it again. You haven't stated whether the email field in the table is indexed uniquely, but if it is, the insert would fail.
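
An added example, not part of any post in this thread: the subscribe step written so that a unique index on email decides whether an address is a duplicate, instead of a SELECT followed by an INSERT that two simultaneous requests can both pass. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server, a UNIQUE constraint on emailList.email, and a hypothetical function name subscribe(); the sample addresses are constructed.

```php
<?php
// Added example. Assumptions: PDO is available, sqlite::memory: stands in for
// the MySQL database, and emailList.email carries a UNIQUE constraint.

function subscribe(PDO $db, string $rawEmail): string
{
    // Validate before touching the database: empty or malformed input stops here.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid';
    }

    try {
        // Bound parameter: the address is sent as data and never becomes SQL text.
        $stmt = $db->prepare('INSERT INTO emailList (email) VALUES (:email)');
        $stmt->execute([':email' => $email]);
        return 'added';
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation; with the
        // unique index in place that means the address is already stored.
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'duplicate';
        }
        throw $e; // anything else is a real error, not a duplicate
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emailList (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');

$messages = [
    'invalid'   => 'Please enter a valid email address to subscribe.',
    'duplicate' => 'We are sorry, but this Email address is already subscribed.',
    'added'     => 'Thank you for subscribing to the newsletter!',
];

// Constructed sample submissions: a new address, the same address again,
// an empty field, and an address containing a quote character.
$samples = ['alice@example.com', 'alice@example.com', '', "o'brien@example.com"];

foreach ($samples as $input) {
    $status = subscribe($db, $input);
    // Encode user input before echoing it back into HTML.
    echo htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), ' => ', $messages[$status], PHP_EOL;
}
```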