Hi there,
I wonder if someone could check my code for inserting contact details into MySQL database on my website. It's the security/validation that I need checking as I know the insert code works:
Thanks very much in advance for any input, it is much appreciated!PHP Code:<?php
$con = mysql_connect("XXX.mysql","XXX","XXX");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("XXX", $con);
$number = mysql_real_escape_string(preg_replace('/[^0-9]/', '', $_POST['number']));
$realname = mysql_real_escape_string($_POST['realname']);
$sql="INSERT INTO Enquiries (Name, Number, Date)
VALUES
('$realname','$number', CURDATE())";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "";
mysql_close($con)
?>
Kind regards, Mike
Reply With Quote
Bookmarks