Topic awaiting preservation: Why oh why!?! (Page 1 of 1) |
|
---|---|
Neurotic (0) Inmate Newly admitted From: |
posted 07-09-2007 20:38
Hi Guys, hope someone can shed some light...am going to eat the desk soon. code: <?php include "connect.php"; if(isset($_POST['submit'])) //if submit was pushed { $email=$_POST['email']; $checkdups="SELECT * from feedback where email='$email'"; $checkdups2=mysql_query($checkdups) or die("Could not check duplicates"); $checkdups3=mysql_num_rows($checkdups2); if(strlen($email)<4 || substr_count($email," ")>0) { print "That is not a valid email address. Please try again."; } else if($checkdups3>0) { print "That email is already in our database."; } else { srand((double)microtime()*1000000); //sets random seed $string = md5(rand(0,1000000)); $thekey=$string; $insertemail="INSERT into feedback (email,validkey,category) values('$email','$thekey','$value')"; mysql_query($insertemail) or die("Could not insert mail"); mail($email,"TEST","Dear colleague, please validate your account by clicking this link: $path/validate.php?email=$email&string=$string","From: $adminmail"); print "Thank you. A validation link has been sent to your email, please make sure you click on the link to verify your account."; } } else { print "<form action='Review_2.php' method='post'>"; print "<br>"; print "To subscribe please enter your Email:<br><br>"; print "<input type='text' name='email' size='40'><br><br>"; $category = array( 1=> "A", 2=> "B", 3=> "C", ); $category = str_replace(" ", " ", $category); echo '<SELECT name=category>'; foreach ($category as $key => $value) { echo '<OPTION value='.$value.'> '.$value.''; } echo '</select>'; print "<input type='submit' name='submit' value='Submit'></form>"; } ?>
|
Maniac (V) Mad Scientist with Finglongers From: Germany |
posted 07-09-2007 23:18
argh. the other machine ate my (lengish, in depth) post... |
Obsessive-Compulsive (I) Inmate From: |
posted 07-10-2007 10:31
Good man Tyberius, new to this game but will read up on sql & mail injection (have a great big book to get through!). |
Maniac (V) Mad Scientist with Finglongers From: Germany |
posted 07-10-2007 11:29
var_dump($_POST); is your friend to see what acutally get's transmited to your page... |
Nervous Wreck (II) Inmate From: |
posted 07-10-2007 12:38
A friend indeed! It appears to be picking up the variable but not inserting into DB. Gets the email in ok. mmmn, have checked spelling...will dbl check. array(3) { ["email"]=> string(20) "myemail@xx.xx.xx" ["category"]=> string(1) "B" ["submit"]=> string(6) "Submit" } |
Maniac (V) Mad Scientist with Finglongers From: Germany |
posted 07-10-2007 13:21
well, the other point is, you really should be using $_POST['your_variable'] instead of $variable - php->register_globals = on is sooooo last century and a continous joy of legacy problems... |
Nervous Wreck (II) Inmate From: |
posted 07-10-2007 13:58
Good man, finally working! If ever you are down on your luck in Edinburgh Tyberius, there is a shot of whiskey reserved. |