I have an HTML form with the action attribute set to the famous FormMail.pl and it works beautifully. However, I also want to insert the data into a MySQL database.

Initially, I thought that I would let FormMail validate the data, send the email, and then redirect to a PHP script that would use the $_POST array to INSERT it into my db. Of course, it didn't work. AFAICT, both the FormMail script and the PHP script need to be called from the form's action attribute.

1 - Is there a way to call them both?

From lurking around and reading tutorials, I understand that it is possible to send emails with PHP and that I don't need to use FormMail at all. However, I have been told that FormMail is a relatively "safe script" that won't let hackers exploit either the server or myself. I am not quite sure what such exploits might be, but I trust that the hackers are...

2 - If I am to drop FormMail, what PHP script should I use to protect my, and the server's, security?

Which brings us to the next point: the PHP script that I currently use is very straightforward (connect, select_db, INSERT) and the subuser has only INSERT privileges.

3 - Am I putting anything (db, server) in danger with this script?
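
As an added example (not part of the original post, and not FormMail's code), here is one way a single PHP handler could validate the form, run the INSERT with a prepared statement, and send the email. The field names, the `contacts` table, the database name and user, the `DB_PASSWORD` environment variable and the example.com addresses are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumed names: fields name/email/message, table `contacts`,
// database example_db, user insert_only_user, addresses at example.com.

/** Returns [clean fields, list of error strings]. */
function validate_submission(array $post): array
{
    // Non-string input (e.g. name[]=x) is treated as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $d = ['name' => $get('name'), 'email' => $get('email'), 'message' => $get('message')];
    $errors = [];
    // Single-line fields must not contain CR/LF: such a value copied into a
    // mail header would start a new header line.
    if (preg_match('/[\r\n]/', $d['name'] . $d['email'])) {
        $errors[] = 'Line breaks are not allowed in name or email.';
    }
    if ($d['name'] === '' || strlen($d['name']) > 100) { $errors[] = 'Name is required (max 100 bytes).'; }
    if (filter_var($d['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'A valid email address is required.'; }
    if ($d['message'] === '' || strlen($d['message']) > 5000) { $errors[] = 'Message is required (max 5000 bytes).'; }
    return [$d, $errors];
}

function store_submission(PDO $pdo, array $d): void
{
    // Placeholders keep form values out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO contacts (name, email, message) VALUES (?, ?, ?)');
    $stmt->execute([$d['name'], $d['email'], $d['message']]);
}

function send_notification(array $d): bool
{
    // Recipient, subject and From are fixed; the visitor's address appears only in Reply-To.
    $headers = ['From' => 'webform@example.com', 'Reply-To' => $d['email']];
    return mail('owner@example.com', 'Contact form submission', $d['message'], $headers);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$data, $errors] = validate_submission($_POST);
    if ($errors) {
        http_response_code(400);
        exit(implode("\n", $errors));
    }
    $pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'insert_only_user',
        (string) getenv('DB_PASSWORD'), [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    store_submission($pdo, $data);
    send_notification($data);
    echo 'Thank you.';
}
```

With this approach the form's action attribute points at the one PHP script, and the INSERT-only database account described in the post stays as it is.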


