Form submission to mysql and email

burnside
Forum Newbie
Posts: 8
Joined: Tue May 05, 2009 11:38 pm

Form submission to mysql and email

Post by burnside »

Hi,

I have data from a form and want to input it into mysql and also send that data to an email address. What is the best practice for formatting this data?

I believe when inserting the data into mysql, I should be using mysql_real_escape_string(), correct? I've also heard of using htmlentities.

When sending an email, do I just send the data as is or should I do any pre-formatting?

I'm trying to avoid XSS and make this submission pretty secure of course. :wink:

Thanks again!
b
david64
Forum Commoner
Posts: 53
Joined: Sat May 02, 2009 8:12 am
Location: Wales

Re: Form submission to mysql and email

Post by david64 »

Best bet is to use the bindParam and bindValue methods in the PDO class as this automatically does escaping. Otherwise just use the real escape method.

See: http://www.php.net/pdo
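
Added example, not part of the original thread: one way to handle the three places the form data goes, using bound parameters for the insert, fixed mail headers with only a validated address in Reply-To, and HTML escaping at output time. The `contacts` table, the field names, the example.com addresses and the in-memory SQLite stand-in for MySQL are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Validate once, at the edge. Returns the cleaned fields or throws.
function validate_contact(array $post): array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    // Name is a single-line field: reject embedded line breaks.
    if ($name === '' || $message === '' || preg_match('/[\r\n]/', $name)) {
        throw new InvalidArgumentException('invalid name or message');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    return ['name' => $name, 'email' => $email, 'message' => $message];
}

// Store the raw values; bound parameters keep them out of the SQL text.
function save_contact(PDO $db, array $c): void
{
    $stmt = $db->prepare(
        'INSERT INTO contacts (name, email, message) VALUES (:name, :email, :message)'
    );
    foreach (['name', 'email', 'message'] as $k) {
        $stmt->bindValue(":$k", $c[$k], PDO::PARAM_STR);
    }
    $stmt->execute();
}

// Plain-text mail: free-text fields go in the body, never into headers.
function build_mail(array $c): array
{
    $headers = "From: webform@example.com\r\nReply-To: {$c['email']}\r\nContent-Type: text/plain; charset=UTF-8";
    $body    = "Name: {$c['name']}\nEmail: {$c['email']}\n\n{$c['message']}\n";
    return ['to' => 'owner@example.com', 'subject' => 'Contact form', 'body' => $body, 'headers' => $headers];
}

// Demo with constructed input. For MySQL the DSN would be 'mysql:host=...;dbname=...;charset=utf8mb4'.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE contacts (name TEXT, email TEXT, message TEXT)');
$c = validate_contact(['name' => "O'Brien", 'email' => 'ob@example.com', 'message' => '<b>hi</b>']);
save_contact($db, $c);
$m = build_mail($c);
// mail($m['to'], $m['subject'], $m['body'], $m['headers']);  // send step, left out of the demo
// Escape for HTML only when the stored value is printed into a page.
echo htmlspecialchars($db->query('SELECT message FROM contacts')->fetchColumn(), ENT_QUOTES, 'UTF-8'), "\n";
```
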
burnside
Forum Newbie
Posts: 8
Joined: Tue May 05, 2009 11:38 pm

Re: Form submission to mysql and email

Post by burnside »

Thanks for your insight. Got it working nicely in the end!