PHP Contact form{+4 rep}

Here is function.php:

PHP Code:

---

function secure($string) {
$string = mysql_real_escape($string);
$string = stripslashes($string);
return $string;
} 


---

PHP Code:

---

<?php

include 'function.php';

$host = "dbhost";
$dbuser = "dbuser";
$dbpass = "dbpass";
$dbname = "dbname";

$con = mysql_connect("$host","$dbuser","$dbpass")
or die(mysql_error());

mysql_select_db("$dbname",$con)
or die(mysql_error());

if ( isset($_POST['contact'] )) {
    if ( empty($full) || empty($adr1) || empty($adr2) || empty($town) || empty($county) || empty($postcode) || empty($email) || empty($sprod) || empty($squant) ) {
        die('A mandatory field has been left empty.');
    } else {
        $full = secure($_POST['full']);
        $adr1 = secure($_POST['adr2']);
        $adr2 = secure($_POST['adr2']);
        $town = secure($_POST['town']);
        $county = secure($_POST['county']);
        $postcode = secure($_POST['postcode']);
        $telnum = secure($_POST['telnum']);
        $email = secure($_POST['email']);
        $por = secure($_POST['por']);
        $sprod = secure($_POST['sprod']);
        $squant = secure($_POST['squant']);
        $extras = secure($_POST['extras']);
        $remarks = secure($_POST['remarks']);
        
        $insert = mysql_query("INSERT INTO `dbname` (`full`,`adr1`,`adr2`,`town`,`county`,`postcode`,`postcode`,`telnum`,`email`,`por`,`sprod`,`squant`,`extras`,`remarks`) VALUES ('$full','$adr1','$adr2','$town','$county','$postcode','$telnum','$email','$por','$sprod','$squant','$extras','$remarks')")
        or die(mysql_error());
        
        echo "Form sent";
    }
} else {
    echo "PUT FORM HERE";
}

?>

---

Quote:

---

Originally Posted by Excellent2

Here is function.php:

PHP Code:

---

function secure($string) {
$string = mysql_real_escape($string);
$string = stripslashes($string);
return $string;
} 


---

PHP Code:

---

<?php

include 'function.php';

$host = "dbhost";
$dbuser = "dbuser";
$dbpass = "dbpass";
$dbname = "dbname";

$con = mysql_connect("$host","$dbuser","$dbpass")
or die(mysql_error());

mysql_select_db("$dbname",$con)
or die(mysql_error());

if ( isset($_POST['contact'] )) {
    if ( empty($full) || empty($adr1) || empty($adr2) || empty($town) || empty($county) || empty($postcode) || empty($email) || empty($sprod) || empty($squant) ) {
        die('A mandatory field has been left empty.');
    } else {
        $full = secure($_POST['full']);
        $adr1 = secure($_POST['adr2']);
        $adr2 = secure($_POST['adr2']);
        $town = secure($_POST['town']);
        $county = secure($_POST['county']);
        $postcode = secure($_POST['postcode']);
        $telnum = secure($_POST['telnum']);
        $email = secure($_POST['email']);
        $por = secure($_POST['por']);
        $sprod = secure($_POST['sprod']);
        $squant = secure($_POST['squant']);
        $extras = secure($_POST['extras']);
        $remarks = secure($_POST['remarks']);
        
        $insert = mysql_query("INSERT INTO `dbname` (`full`,`adr1`,`adr2`,`town`,`county`,`postcode`,`postcode`,`telnum`,`email`,`por`,`sprod`,`squant`,`extras`,`remarks`) VALUES ('$full','$adr1','$adr2','$town','$county','$postcode','$telnum','$email','$por','$sprod','$squant','$extras','$remarks')")
        or die(mysql_error());
        
        echo "Form sent";
    }
} else {
    echo "PUT FORM HERE";
}

?>

---

---

How come u stripped slashes after mysql escape string? :P

Quote:

---

Originally Posted by Jackboy

How come u stripped slashes after mysql escape string? :P

---

Habit :)

TY - but,

I don't get what you've done with the MySQL, it says sprod and squant, but im unsureif this is correct or not...

Quote:

---

Originally Posted by Thai-Man-Land

TY - but,

I don't get what you've done with the MySQL, it says sprod and squant, but im unsureif this is correct or not...

---

Sprod and squant are short for Select Product & Select Quantity.

I can't get it to work still.

I'm sure I saw somewhere that a form action could be 'self'

Quote:

---

Originally Posted by Thai-Man-Land

I can't get it to work still.

I'm sure I saw somewhere that a form action could be 'self'

---

$_SERVER[PHP_SELF]

And I just use that in my code somewhere?

Quote:

---

Originally Posted by Thai-Man-Land

And I just use that in my code somewhere?

---

Yeh you wanna use it after <?php really.