0

I am trying to make secure my database credentials but they keep showing up in the firebug console.

I simply want to save form information into a database.

My form (form.html)

<form id="Form" method="POST" >
    <table>
        <tr>
            <td>Name:</td>
            <td><input id="name" name="name" type="text" /></td>
        </tr>
        <tr>
            <td>Address:</td>
            <td><input id="address" name="address" type="text" /></td>
        </tr>
        <tr>
            <td>Telephone:</td>
            <td><input id="telephone" name="telephone" type="text" /></td>
        </tr>
        <tr>
            <td>Email:</td>
            <td><input id="email" name="email" type="email" /></td>
        </tr>
    </table>
    <div class="SubmitButton">
        <input type="submit" id="submit" name="submit" value="Submit" />
    </div>
    </form>

    <div id="Response"></div>
</div>

<!-- javascript to handle form data -->
<script type="text/javascript">    
$("document").ready(function(){
    var frm = $('#Form');
    frm.submit(function (ev) {      
        ev.preventDefault();  

        var email = $('#email').val();
       if(email)
       {
            $.ajax({
                type: "POST",
                dataType:"json",
                url: "submit.php",
                data: frm.serialize(),
                success: function () {
                    $('#Response').empty();
                    $('#Response').wrapInner("<span class='SuccessMessage'>Your information has been submitted successfully!</span>")
                    return;
                },
                error: function () {
                 $('#Response').empty();
                 $('#Response').wrapInner("<span class='ErrorMessage'>Your information was not submitted successfully.  Please try again.</span>")
              }
            });
        } else {
            $('#Response').empty();
            $('#Response').wrapInner("<span class='EmailBlankMessage'>Email address is a required field.</span>")
            return;
        }
    });
});
</script>

Here is my submit.php

<?php
if($_POST)
{
    require(dirname(__FILE__)."/../config.php");

    $name = $_POST["name"];
    $address = $_POST["address"];
    $telephone = $_POST["telephone"];
    $email = $_POST["email"];

    $name = mysql_real_escape_string($name);
    $address = mysql_real_escape_string($address);
    $telephone = mysql_real_escape_string($telephone);
    $email = mysql_real_escape_string($email);

    mysql_query("INSERT INTO XXXXX(name, address, telephone, email) VALUES('$name', '$address', '$address', '$email')"); 


}else { 
    header("Location: /Form.html");
    die();
}

?>

Here is my config.php 

 <?

$hostname = "XXXXXX";
$database = "XXXXXX";
$username = "XXXXXX";
$password = "XXXXXX";

mysql_connect($hostname, $username , $password) or die (mysql_error());
mysql_select_db($database ) or die (mysql_error());

The config file is placed outside the root. However the 2 main issues I am having is that it won't insert the form data into the table and also the database credentials from config.php show up in the firebug console post response. I don't understand what is wrong with my code.

Improve this question

1 Answer 1

Reset to default
2

Your php open tag in config.php is <? - this is short open tag, which I think is disabled in your config. Your php in config.php is then not interpreted and is shown as is. Change it to regular open tag <?php.

Also note that mysql extension is deprecated, you should switch to PDO and prepared statements.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.