Hi there,
Can anyone see what is wrong with this code? I've been fiddling about with it for days now and just can't get it to work. I know it's something small and silly but I just can't find it!
Thanks in advance for any help. It is much appriciated.
<?php
$con = mysql_connect("**********","**********","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("safe", $con);
$number = preg_replace('/[^0-9]/', '', $_POST['number']);
$number = (int) $number;
$realname = mysql_real_escape_string($_POST['realname');
if (substr_count("@", $_POST['email']) == 1){
$email = mysql_real_escape_string($_POST['email']);
} else {
die("Your email doesn't appear to be valid, please double check it and resubmit");
}
$comments = mysql_real_escape_string($_POST['comments']);
$sql="INSERT INTO Enquiries (Name, Number, Email, Comments, Date)
VALUES
('$realname','$number','$email','$comments', CURDATE())";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "";
mysql_close($con)
?>
Thanks again. Kind regards
Mike
MySQL_real escape_string
Moderator: General Moderators
Re: MySQL_real escape_string
You are missing the closing square bracket for the $_POST['realname']
-Greg
-Greg
- DigitalMind
- Forum Contributor
- Posts: 152
- Joined: Mon Sep 27, 2010 2:27 am
- Location: Ukraine, Kharkov
Re: MySQL_real escape_string
sss123, read error messages in future
Re: MySQL_real escape_string
Hi Greg,
Thank you very much for your useful post. That has solved the problem. However I wonder if you could check one more line of the code:
if (substr_count("@", $_POST['email']) == 1){
$email = mysql_real_escape_string($_POST['email']);
} else {
die("Your email doesn't appear to be valid, please double check it and resubmit");
}
For some reason, even if a normal email address (e.g. my own) is entered, it won't accept it. It displays "Your email doesn't appear to be valid..."
Thanks again for your time and help. It is much appriciated.
Kind regards
Mike
Thank you very much for your useful post. That has solved the problem. However I wonder if you could check one more line of the code:
if (substr_count("@", $_POST['email']) == 1){
$email = mysql_real_escape_string($_POST['email']);
} else {
die("Your email doesn't appear to be valid, please double check it and resubmit");
}
For some reason, even if a normal email address (e.g. my own) is entered, it won't accept it. It displays "Your email doesn't appear to be valid..."
Thanks again for your time and help. It is much appriciated.
Kind regards
Mike
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: MySQL_real escape_string
Why don't you actually try validating against the email, instead of just checking for the @ symbol.
Code: Select all
if (!empty($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
echo 'valid email';
} else {
echo 'not valid email';
}Re: MySQL_real escape_string
Hi John,
Thank you for your post. I will replace my code with yours!
What does validating actually do?
Kind regards,
Mike
Thank you for your post. I will replace my code with yours!
What does validating actually do?
Kind regards,
Mike
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: MySQL_real escape_string
It ensures your email is of proper format.–verb (used with object), -dat·ed, -dat·ing.
1.
to make valid; substantiate; confirm: Time validated our suspicions.