Hi, just starting out with PHP, etc. Seem to be picking things up quickly. Just want some advice on how secure things are e.g. entering email address into the database, etc. Look forward to some help and advice.

<?php
error_reporting(0);
$email = "";
$msg_to_user = "";
if ($_POST['email']!=""){
	include_once "connection.php";
	
	$email = $_POST['email'];
	
	$sql = mysql_query("SELECT * FROM addresses WHERE email='$email'");
	$numRows = mysql_num_rows($sql);
	
	if (!$email){
	$msg_to_user = '<div class="msg_to_user">Please type an email address.</div>';
	}
	
	else if ($numRows>0){
	$msg_to_user = '<div class="msg_to_user">'.$email.' is already in the system.</div>';
	}
	else {
	$sql_insert=mysql_query("INSERT INTO addresses (email, dateTime) 
	VALUES('$email',now())") or die (mysql_error());
	
	
	$msg_to_user='<div class="msg_to_user_success">You have been added successfully.</div>';	
	$email="";
	}
	}
?>

Any sugggestions?

What do you refer by "Secure"..? Here, you are just inserting the user's mail id.. That's only I can understand... Can u make your question clear..?

let me suggest for you somethings :
you have to check if the inputs are no mysql injections
by using

mysql_real_escape_string()

and then you have to use filters to see if the user is giving you a real emails or not , coiz sometimes we use to find some crazy users who use to give a very fake emails
i hope this helps
if this is wt you mean please upvote my comment
thanks

Prince... How do i know that user entered email id is valid or not... That is real emails not fake one...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.