Re: Database .php

Posted: Thu Oct 06, 2011 1:09 pm
by ebgames56
Nothing. It displays nothing, just a blank page.

Re: Database .php

Posted: Thu Oct 06, 2011 1:18 pm
by Celauran

<?php

if (isset($_POST['add']))
{
    require_once('mysqlCreds.php');
    $email = mysql_real_escape_string($_POST['email']);

    if (empty($email))
    {
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Please enter an email address to subscribe.</div>";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
        // Stop here so an empty address never reaches the queries below.
        exit;
    }

    $result = mysql_query("SELECT COUNT(*) FROM emailList WHERE email='$email'") or die(mysql_error());
    list($count) = mysql_fetch_row($result);
    if ($count != 0)
    {
        echo "<div style='color: #FFFFFF;'>We are sorry, but this Email address is already subscribed.</div>";
    }
    else
    {
        $query = "INSERT INTO emailList (id, email) VALUES('', '$email') ";
        mysql_query($query) or die(mysql_error());
        echo "<div style='color: #FFFFFF;'>Thank you for subscribing to the newsletter!</div>";
    }
}

?>

Re: Database .php

Posted: Thu Oct 06, 2011 1:20 pm
by ebgames56
You have them mixed up, like when an email is already in the database it adds it again and says thank you for subscribing, and when an email isn't in the database it says this email is already subscribed and doesn't add it.

Re: Database .php

Posted: Thu Oct 06, 2011 3:12 pm
by flying_circus
Take a look at this code example. You should always validate your input and check variable existence before referencing it. You should also ALWAYS escape data before insertion into a SQL Query (no exceptions).

<?php
  # Is this a PostBack?
    if(isset($_POST['add'])) {
    # Imports
      require_once('mysqlCreds.php');
      
    # Variables
      $email = isset($_POST['email']) ? $_POST['email'] : '';
      
    # Validation
      if(empty($email)) {
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Please enter an email address to subscribe.</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
        # Stop here so an empty address never reaches the queries below
        exit;
      }
      
    # Is email address already subscribed?
      $result = mysql_query(sprintf("SELECT * FROM `emailList` WHERE `email`='%s' LIMIT 1;",
                                    mysql_real_escape_string($email))) or die(mysql_error());
                                    
    # Check Results
      $num_rows = mysql_num_rows($result);
      
      if($num_rows === FALSE)
        exit('There is a Syntax Error in your SQL query.');
        
      if($num_rows > 0) {
      # Email Address already exists in the database
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>We are sorry, but this Email address is already subscribed.</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage/'>here</a></div>";
      } else {
      # New Email Address
        mysql_query(sprintf("INSERT INTO `emailList` (`email`) VALUES('%s');",
                            mysql_real_escape_string($email))) or die(mysql_error());
                            
        header('Refresh: 5; url=http://szeryk.com/homepage');
        echo "<div style='color: #FFFFFF;'>Thank you for subscribing to the newsletter!</div><br />";
        echo "<div style='color: #FFFFFF;'>If you aren't redirected in a few seconds please click <a href='http://szeryk.com/homepage'>here</a></div>";
      }
    }
?>

Re: Database .php

Posted: Thu Oct 06, 2011 8:03 pm
by califdon
It appears that you have omitted a line:

} else {
before your insert, so when the email does match one in the database it tries to add it again. You haven't stated whether the email field in the table is indexed uniquely, but if it is, the insert would fail.
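
The two points raised above (escape every value that goes into a query, and let a unique index on the email column reject duplicates) can be combined in one routine. This is an added example, not code from any poster in the thread; it assumes PDO with an in-memory SQLite database standing in for the thread's MySQL connection so that it runs on its own, and `subscribe()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database replaces the thread's MySQL connection; subscribe() is a
// hypothetical helper; the email column carries a UNIQUE constraint.

function subscribe(PDO $db, string $rawEmail): string
{
    // Validate first: reject anything that is not a syntactically valid address.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid';
    }

    try {
        // Bound parameter: the value is sent separately from the SQL text,
        // so quotes in it cannot change the statement.
        $stmt = $db->prepare('INSERT INTO emailList (email) VALUES (:email)');
        $stmt->execute([':email' => $email]);
        return 'subscribed';
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation: the UNIQUE
        // index refused a duplicate. Unlike SELECT-then-INSERT, this check
        // cannot be bypassed by two requests arriving at the same moment.
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emailList (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');

// Constructed sample inputs. An apostrophe is legal in the local part of an
// address, so validation alone does not make a value safe to splice into SQL.
$samples = ['alice@example.com', 'alice@example.com', '', "x' OR '1'='1", "o'brien@example.com"];
foreach ($samples as $input) {
    printf("%-24s => %s\n", var_export($input, true), subscribe($db, $input));
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM emailList')->fetchColumn(), "\n";
```

Against MySQL only the PDO connection string and the table definition change; a duplicate key is reported under the same SQLSTATE class.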