I am trying to create the code that works behind the submit button on my squeeze page.
I need it to:
1) Send me an email with all the user-entered data from the form
2) Redirect the user to my "Thank You" page
3) Populate my newly created MySQL database with the appropriate info.
I'm VERY new to PHP, but I've actually created a PHP file that seems to be doing all this, but it has my email, my DB username and password in it, and that feels dangerous.
I don't know anything about how security works, so I just tossed the file in the same directory that I have all my other HTML pages.
First off, can someone please take a quick look and tell me if there are any pitfalls with this code that I should be aware of (like it won't work in some browsers, or something):
// Define data fields:
$email = $_POST['email'];
$name = $_POST['name'];
$to = "myEmail@mydomain.com";
//Email and then redirect to thanks page
mail($to, $subject, $body, $from);
//Store data in a database:
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("dbname") or die(mysql_error());
mysql_query("INSERT INTO `tablename` VALUES ('$email', '$name', '$PictureVote', '$ProdReviewer', '$NotifywhenReady')");
Second, can anyone explain to me in agonizing detail what I should be doing so that bad people can't somehow get their paws on this code to spam my email and/or hack my db?
(I've made this particular userid/password with limited privilege of insert only which should help, but I still don't want anyone to see anything.)
I imagine that as it stands right now, someone clever could simply view the source data right now to find the name of the file "processform.php" and then do nasty things to me.
I'm using HostGator, by the way, in case that means anything to anyone as far as including specifics in your answers.
Thanks in advance for helping out!
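
An added example, not part of the original post: one way to harden the handler the question describes, with credentials kept outside the web root, PDO prepared statements in place of the `mysql_*` calls (removed in PHP 7), and user input kept out of the mail headers. The config file location, the `email` and `name` column names and the `/thankyou.html` URL are assumptions; the other columns in the original INSERT would be bound the same way.

```php
<?php
declare(strict_types=1);
// Added example. Config path, column names and thank-you URL are assumptions.

// Credentials sit one level above the web root, so the web server never serves them.
// The file is assumed to return an array with the keys: dsn, user, pass, to.
$cfg = require __DIR__ . '/../private/form-config.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// Validate input. FILTER_VALIDATE_EMAIL rejects line breaks, and the CR/LF check
// on the name blocks mail header injection (how forms become spam relays).
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$name  = filter_input(INPUT_POST, 'name', FILTER_UNSAFE_RAW);
$name  = is_string($name) ? trim($name) : '';
if (!is_string($email) || $name === '' || strlen($name) > 100
    || preg_match('/[\r\n]/', $name)) {
    http_response_code(400);
    exit('Please go back and check your name and email address.');
}

try {
    // Prepared statement: user input travels as data and is never parsed as SQL.
    $pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $stmt = $pdo->prepare('INSERT INTO `tablename` (`email`, `name`) VALUES (?, ?)');
    $stmt->execute([$email, $name]);
} catch (PDOException $e) {
    // Log the detail server-side; die(mysql_error()) style output leaks internals.
    error_log('signup insert failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Something went wrong. Please try again later.');
}

// Recipient, subject and From are fixed values; user input appears only in the body.
$body = "New signup\nName: $name\nEmail: $email\n";
mail($cfg['to'], 'New squeeze page signup', $body, 'From: ' . $cfg['to']);

// Redirect to the thank-you page and stop executing.
header('Location: /thankyou.html', true, 303);
exit;
```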