How to post form to database and to an url

Ok, first off I'd direct my form to a page of my own, say "submit.php", which would store the data passed to it into the database and then (before echoing any data to the page) use header() to redirect the user to the api url.

I'm assuming you know ho to connect to a database and submit the data. If now, search the web for a tutorial, there's millions.

Use <form action="submit.php" method="post">... to submit the username to submit.php, whose code is below:

<?php
//send the info to this page via POST method.
$username = $_POST['username'];

//connect to database a run sql "INSERT INTO" query.

$loc = 'location: www.apidomain.com?username=' . $username;
header($loc);
//that last line redirects the user to the api site submitting the username.
?>

Alternatively, you could embed the apidomain.com in a frame or something like that to keep the user on your page, or add "&return=www.yourdomain.com/done.php" to $loc and configure the api to return the user to the value specified.

With the auto increment thing, what is it that you want to auto increment? The id, in the table, of the username submitted? If so, set up a column to auto increment when you create the SQL table.

(If none of this is making sense then look at some tutorials for forms, MySQl tables etc. with this stuff in mind)

Hope that helped.

Before you do anything with the data, you need to sanatize it. This means get rid of characters hackers can use to invade your server.

At a bare minimum,
<code=PHP>
$_POST[xxxx} = str_replace array('<', '>', '[', ']', '{', '}', '\\'), "", $_POST[xxxx]);
</code>

Common sense comes into play here, if you have an input field, firstname, replace ALL special characters except those that could legitimately be in first name such as a dash or single quote. Use the above code and add ~!@#$%^&*()+=:;"?/

Very carefully check out the special characters used by the database application. For example, in php the single quote can create issues. Use php add_slashes to any data field that could possibly contain a single quote.

Hope this helps you while not totally answering your question.

THANKS GUYS

I need to send the auto increment number via the url to the api so i needs to be done by the form and not the database.

Thanks for the info about removing the nasty hacking stuff. I use a cms that has a class i can call to do it for me same with putting stuff in the database but its all in OOP which is even harder to get to grips with so i may just do it in normal php and use the tips in both the posts.

I don't want to send visitors to the api url i want it to be done from my site but with you saying the iframe i reminded me i have so JavaScript which i use to auto subscribe new members to my mailing list.

Basically i pull the users email from my database in to a hidden form and this JavaScript when it sees an email address it will submit the form to the url i have set i think that could easily be modified to be trigged by some thing else.

Thanks Guys

First u can do like this
?.option=submit&user=$username;