Database .php
Re: Database .php
Nothing, it displays nothing, just a blank page.
Re: Database .php
Code:
<?php
if (isset($_POST['add']))
{
    require_once('mysqlCreds.php');
    $email = mysql_real_escape_string($_POST['email']);
    if (empty($email))
    {
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Please enter an email address to subscribe.</div>";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
        // Stop here so an empty address is never queried or inserted.
        exit;
    }
    $result = mysql_query("SELECT COUNT(*) FROM emailList WHERE email='$email'") or die(mysql_error());
    list($count) = mysql_fetch_row($result);
    if ($count != 0)
    {
        echo "<div style='color: #FFFFFF;'>We are sorry, but this Email address is already subscribed.</div>";
    }
    else
    {
        $query = "INSERT INTO emailList (id, email) VALUES('', '$email') ";
        mysql_query($query) or die(mysql_error());
        echo "<div style='color: #FFFFFF;'>Thank you for subscribing to the newsletter!</div>";
    }
}
?>
Re: Database .php
You have them mixed up, like when an email is already in the database it adds it again and says thank you for subscribing, and when an email isn't in the database it says this email is already subscribed and doesn't add it.
- flying_circus
Re: Database .php
Take a look at this code example. You should always validate your input and check variable existence before referencing it. You should also ALWAYS escape data before insertion into a SQL query (no exceptions).
Code:
<?php
# Is this a PostBack?
if(isset($_POST['add'])) {
    # Imports
    require_once('mysqlCreds.php');
    # Variables
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    # Validation
    if(empty($email)) {
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Please enter an email address to subscribe.</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
        # Stop here so an empty address is never queried or inserted
        exit;
    }
    # Is email address already subscribed?
    $result = mysql_query(sprintf("SELECT * FROM `emailList` WHERE `email`='%s' LIMIT 1;",
        mysql_real_escape_string($email))) or die(mysql_error());
    # Check Results
    $num_rows = mysql_num_rows($result);
    if($num_rows === FALSE)
        exit('There is a Syntax Error in your SQL query.');
    if($num_rows > 0) {
        # Email Address already exists in the database
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>We are sorry, but this Email address is already subscribed.</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage/'>here</a></div>";
    } else {
        # New Email Address
        mysql_query(sprintf("INSERT INTO `emailList` (`email`) VALUES('%s');",
            mysql_real_escape_string($email))) or die(mysql_error());
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Thank you for subscribing to the newsletter!</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
    }
}
?>
Re: Database .php
It appears that you have omitted a line: before your insert, so when the email does match one in the database it tries to add it again. You haven't stated whether the email field in the table is indexed uniquely, but if it is, the insert would fail.
Code:
} else {
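
Added example (not part of any post in this thread, and not the posters' code): the two points raised above, validating and escaping input before it reaches SQL and indexing the email column uniquely, combined using PDO prepared statements. It assumes the pdo_sqlite extension and an in-memory SQLite table standing in for the thread's MySQL `emailList`; `subscribe()` is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example: bound parameters plus a UNIQUE index instead of
// string-built SQL and a separate SELECT-then-INSERT duplicate check.
// Assumption: in-memory SQLite replaces the thread's MySQL database.

function subscribe(PDO $db, string $rawEmail): string
{
    // Validate first: reject anything that is not a well-formed address.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid';
    }

    try {
        // Bound parameter: the value is sent separately from the SQL text,
        // so quotes in a valid address cannot change the statement.
        $stmt = $db->prepare('INSERT INTO emailList (email) VALUES (:email)');
        $stmt->execute([':email' => $email]);
        return 'subscribed';
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation; here that
        // means the UNIQUE index rejected a duplicate. Letting the index
        // decide avoids the race between a SELECT check and the INSERT.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'duplicate';
        }
        throw $e; // anything else is a real error; do not echo it to users
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emailList (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    email TEXT NOT NULL UNIQUE
)');

// Constructed sample inputs: a new address, a repeat, an empty field,
// a valid address containing a quote, and a malformed value.
$samples = ['alice@example.com', 'alice@example.com', '',
            "o'brien@example.com", 'not-an-email'];
foreach ($samples as $input) {
    printf("%-24s => %s\n", var_export($input, true), subscribe($db, $input));
}

$count = $db->query('SELECT COUNT(*) FROM emailList')->fetchColumn();
echo "rows stored: $count\n";
```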