Hi All,
I have a simple add/remove “join our mailing list” script. Everything works fine during the validation, except it will allow more than one e-mail to pass through.
Can someone take a look and help me out?
Thanks in advance.
<?php
// Database connection settings.
$username="123";
$password="123";
$database="123";

// Shape check on the submitted address.
if (!(preg_match("/^.{2,}?@.{2,}\./", $_POST['email']))) {
    echo '<font size="+1" color="#FF0000">Error: Invalid E-mail</font><BR>';
    // Escape the submitted value before echoing it back into the page.
    echo 'The e-mail address you entered (<i>'.htmlspecialchars($_POST['email'], ENT_QUOTES).'</i>) is invalid. Press back to re-enter your email address';
    die();
}
$addremove=$_POST['select'];

if (!$cnx = mysql_connect("localhost",$username,$password))
{
    die('Could not connect to the database server: ' . mysql_error());
}
if (!mysql_select_db($database))
{
    die('Unable to select the ' . $database . ' database: ' . mysql_error());
}

// Escape the address for the quoted SQL strings below (requires the open connection).
$email=mysql_real_escape_string($_POST['email']);

if ($addremove == 'add')
{
    $query = "INSERT INTO contact VALUES
    ('','NULL','NULL','$email','NULL','NULL','NULL','NULL','NULL')";
    if (!$result = mysql_query($query))
    {
        die('Could not execute the query<br />' . htmlspecialchars($query, ENT_QUOTES) . '<br />because: ' . mysql_error());
    }
    header("Location: http://www.ddmconsultinggroup.com/thanks.html");
    exit;
}
elseif ($addremove == 'remove') // again use double equal
{
    $query = "DELETE FROM contact WHERE email='$email'";
    if (!$result = mysql_query($query))
    {
        die('Could not delete the email address <strong>' . htmlspecialchars($_POST['email'], ENT_QUOTES) . '</strong> because: ' . mysql_error());
    }
    header("Location: http://www.ddmconsultinggroup.com/thanks.html");
    exit;
}
mysql_close();
?>
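
An added example, not the poster's code: the pattern in the script has no end anchor and `.` matches any character, so a value holding several addresses still satisfies it, and nothing stops the same address being inserted twice. This sketch accepts exactly one address, uses bound parameters with a UNIQUE column, and escapes echoed input; the PDO/SQLite setup, the two-column `contact` table and the helper names are assumptions.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for MySQL;
// single_email() and update_list() are hypothetical helper names.

// Return the one valid address in $raw, or null.
function single_email(string $raw): ?string
{
    $raw = trim($raw);
    // Refuse separators and whitespace, so a list of addresses never passes.
    if ($raw === '' || preg_match('/[\s,;<>]/', $raw)) {
        return null;
    }
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    // Lower-casing is a policy choice so duplicates compare equal.
    return $ok === false ? null : strtolower($ok);
}

function update_list(PDO $db, string $action, string $raw): string
{
    $email = single_email($raw);
    if ($email === null) {
        // Escape user input before it goes back into HTML.
        return 'invalid: ' . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    }
    if ($action === 'add') {
        try {
            $db->prepare('INSERT INTO contact (email) VALUES (?)')->execute([$email]);
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity violation, here the UNIQUE index.
            if ((string) $e->getCode() === '23000') { return 'already on list'; }
            throw $e;
        }
        return 'added';
    }
    if ($action !== 'remove') { return 'unknown action'; }
    $stmt = $db->prepare('DELETE FROM contact WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->rowCount() > 0 ? 'removed' : 'not on list';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');

// Constructed inputs: valid, duplicate, two addresses, apostrophe, markup.
foreach (['a@example.com', 'a@example.com', 'a@example.com, b@example.com',
          "o'brien@example.com", '<i>x</i>'] as $raw) {
    echo update_list($db, 'add', $raw), PHP_EOL;
}
echo update_list($db, 'remove', 'a@example.com'), PHP_EOL;
```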