I am really a beginner here I here I know but I have been reading my php book and none of the code they give me to send contact form info to mysql seems to work. I am using WAMP on windows xp pro what would be a good php script to send my contact form to my database? This is my html contact form: <form action="save.php" method="post"> Name: <input name="name" size="50" type="text"> <br /> E-mail: <input name="email" size="50" type="text"> <br /> Subject: <input name="subject" size="50" type="text"> <br /> Message: <br /> <textarea rows="20" cols="50" name="message"></textarea><br /> <input value="Submit!" type="submit"> </form>
open your save.php file. $name = $_POST['name']; $email = $_POST['email']; $subject = $_POST['subject']; $message = $_POST['message']; mysql_query("INSERT INTO table SET `name`='$name', `email`='$email', `subject`='$subject', `message`='$message' "); Of couse, first of all you need to connect to mysql database.
It amazes me how simple everything in php seems to be... if you have any more questions you should check out tizag.com, it's php tutorial helped me alot. PM me with anymore questions if you'd like, i'm new, but wouldn't mind trying to help you figure stuff out as I can learn from it also.
simple yet one of the best contact form: http://safalra.com/programming/php/contact-feedback-form/ I have used it on some websites already.
connect to db first php-mysql-tutorial.com/wikis/mysql-tutorials/connect-to-mysql-database.aspx then use the code given by darkerx to insert into db
One tip: Don't take input directly and insert into database. In order to protect your site from SQL injection always use mysql_real_escape_string() function to validate input before inserting into database. Best Of Luck!!
if you want to use mysql real escape string function be sure you are connected to db while trying to use this function.
Actually it is not necessary to use stripslashes. People use it when magic_quotes_gpc(deprecated) is enabled and the data is not going to be inserted into database that needs escaping. This adds extra slash to the data. To remove the extra slash, in case you want to display the data, stripslashes in used. Refer: http://in3.php.net/manual/en/function.stripslashes.php But if you use mysql_real_escape_string() then it is really not necessary to use stripslashes. Rather you could use trim and strip_tags(). You may refer to this thread in PhpFreaks to understand more- http://www.phpfreaks.com/forums/php-coding-help/(solved)-escape-string-vs-trim-vs-strip-slashes/ I found it useful. Best Wishes.
mysql real escape string was added after php version 4.3 , and depreciates the add slashes function that works if gpc magic quotes are on.
Ya, thats true.. But mysql_real_escape_strinng() comes to use when there is a database connection but addslashes() doesn't necessarily have to do anything with database connection.