Twitchy script

[Praetorian]

I purchased this script off ebay, and for obvious reasons I'm going over it with a fine tooth comb. For instance, the person who coded it had clearly used front page to generate his html, because there weren't any " or ' in any of the code.So. This little portion of script doesn't work. It's meant to insert the person's email into the sql database, and then redirect to a page that says "thank you" or whatnot. It submits the email, but nothing else changes. The page just reloads.Thanks in advance. Let me know if you need anything else.

<?phprequire_once("conn.php");if(isset($_POST[smail])){	if(!empty($_POST[nEmail]) && ereg("@", $_POST[nEmail]))	{		$q1 = "insert into dd_newsletter set nemail = '$_POST[nEmail]' ";		mysql_query($q1);		if(!mysql_error())		{			header("location:mail_thankyou.php");			exit();		}	}}header("location:index.php");exit();?>

[Peppe L-G]

Youre $q1 is wrong. You have"insert into dd_newsletter set nemail = '$_POST[nEmail]' ", but it should be"INSERT INTO dd_newsletter (nemail) VALUES ('{$_POST['nEmail']}'".You would find the wrong part if you would have or die(mysql_error()) after the mysql_query():mysql_query($q1) or die(mysql_error());

[Synook]

I purchased this script off ebay,

You what???

[jhecht]

I purchased this script off ebay,

Make this the first, and last, time you do that. There are a bunch of errors in the code, none to make it not run(other than the one pointed out), like the eregi function should be more complex if checking for an email. Fix the Db stuff, and the connection variable resource to the mysql_query calls, and it should be fine.

[Praetorian]

What can I do though? I don't know enough about php to code something like this myself. So the best I can do is buy one for cheap and fix the security holes. *Shrugs.* Unless of course one of you experts is willing to go through and recode it for me. I got $20 paypal if anyone is interested. The script needs a lot of work. For one thing, there's nowhere in the script to remove yourself from the mailing list. A big no no.Thanks for the help. I'll give that a shot and update here with whatever happens.

[Praetorian]

Just an update to this... That fix didn't work. It's still not redirecting to the thankyou page.

[jhecht]

<?phperror_reporting(E_ALL);if(ini_get('display_errors')==0|| ini_get('display_errors')=='no'){ ini_set('display_errors',1);}//Once the script if fixed, we'll just delete this part.require_once("conn.php");if(isset($_POST['smail'])){ if(!empty($_POST['nEmail']) && ereg("@", $_POST['nEmail'])) { $email = (get_magic_quotes_gpc()) ? $_POST['nEmail'] : mysql_real_escape_string($_POST['nEmail'],$connectionVariableDefinedInConn); $q1 = "INSERT INTO tableHere(email_column) VALUES('{$email}')"; mysql_query($q1,$connectionVariableDefinedInConn) or die(mysql_error()); header('location:yourOtherPage.php'); }}?>Make sure your HTML form has the fields smail and nEmail, otherwise this won't work.

[Matpatnik]

What can I do though? I don't know enough about php to code something like this myself. So the best I can do is buy one for cheap and fix the security holes.

Well you can take the time to learn it properly or google it and get 1000 different ways of doing it for free and learn from that.

[justsomeguy]

For one thing, there's nowhere in the script to remove yourself from the mailing list.

If you're trying to set up a mailing list, here's a free one:http://www.phplist.com/