0

Hi, just starting out with PHP, etc. Seem to be picking things up quickly. Just want some advice on how secure things are e.g. entering email address into the database, etc. Look forward to some help and advice.

<?php
error_reporting(0);
$email = "";
$msg_to_user = "";
if ($_POST['email']!=""){
	include_once "connection.php";
	
	$email = $_POST['email'];
	
	$sql = mysql_query("SELECT * FROM addresses WHERE email='$email'");
	$numRows = mysql_num_rows($sql);
	
	if (!$email){
	$msg_to_user = '<div class="msg_to_user">Please type an email address.</div>';
	}
	
	else if ($numRows>0){
	$msg_to_user = '<div class="msg_to_user">'.$email.' is already in the system.</div>';
	}
	else {
	$sql_insert=mysql_query("INSERT INTO addresses (email, dateTime) 
	VALUES('$email',now())") or die (mysql_error());
	
	
	$msg_to_user='<div class="msg_to_user_success">You have been added successfully.</div>';	
	$email="";
	}
	}
?>
3
Contributors
4
Replies
5
Views
6 Years
Discussion Span
Last Post by Dragonbaki
0

What do you refer by "Secure"..? Here, you are just inserting the user's mail id.. That's only I can understand... Can u make your question clear..?

-1

let me suggest for you somethings :
you have to check if the inputs are no mysql injections
by using

mysql_real_escape_string()

and then you have to use filters to see if the user is giving you a real emails or not , coiz sometimes we use to find some crazy users who use to give a very fake emails
i hope this helps
if this is wt you mean please upvote my comment
thanks

0

Prince... How do i know that user entered email id is valid or not... That is real emails not fake one...

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.