I have a little query, which displays a text if the server query_string exists in the database. It works with all sorts of text and figures in MySQL, except for email addresses. For example, if the URL looks like "example.com/query.php?test" it works. If there is an email like "example.com/query.php?test@gmail.com" it doesn't work. My DB table type is varchar(100).
Any idea?
<?php
$subscriber_email = ($_SERVER['QUERY_STRING']);
mysql_connect("server", "user", "pswd") or die (mysql_error ());
mysql_select_db("newsletter") or die(mysql_error());
$sql = "SELECT * FROM `newsletter submit` WHERE ID='test@gmail.com'";
$query = mysql_query($sql);
echo mysql_error();
echo (mysql_num_rows($query) == 0) ? 'NO' : 'YES';
?>
You should escape your inputs:
$subscriber_email = mysql_escape_string($_SERVER['QUERY_STRING']);
Using a non-escaped string causes an error that prevents your query from being executed.
Additionally, you should consider using mysqli, mysql functions being deprecated.
UPDATE: I was a bit too fast and forgot to mention, you should put quotes on each side of your parameter:
$sql = "SELECT * FROM `newsletter submit` WHERE ID='$subscriber_email'";
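The same lookup written with a bound parameter instead of string escaping, as an added example that is not part of the original question or answers. The helper name `subscriber_exists`, the in-memory SQLite database standing in for the MySQL server, and the sample inputs are assumptions constructed for illustration; the table and column names are the ones from the question.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true if the raw query string names a stored subscriber.
function subscriber_exists(PDO $pdo, string $rawQuery): bool
{
    // QUERY_STRING is not URL-decoded by PHP and may arrive percent-encoded
    // (test%40gmail.com), so decode it before comparing with stored values.
    $email = rawurldecode($rawQuery);

    // Reject anything that is not a syntactically valid address, or that would
    // not fit the varchar(100) column, before touching the database.
    if (strlen($email) > 100 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // The value is bound as a parameter, never concatenated into the SQL text,
    // so quotes or other metacharacters in it cannot change the statement.
    $stmt = $pdo->prepare('SELECT 1 FROM `newsletter submit` WHERE ID = :id LIMIT 1');
    $stmt->execute([':id' => $email]);
    return $stmt->fetchColumn() !== false;
}

// Constructed demo database (SQLite in memory; with MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `newsletter submit` (ID VARCHAR(100) PRIMARY KEY)');
$pdo->exec("INSERT INTO `newsletter submit` (ID) VALUES ('test@gmail.com')");

// Constructed inputs, as they could appear in $_SERVER['QUERY_STRING'].
$samples = ['test@gmail.com', 'test%40gmail.com', 'other@example.org', "x' OR '1'='1"];
foreach ($samples as $raw) {
    printf("%-20s %s\n", $raw, subscriber_exists($pdo, $raw) ? 'YES' : 'NO');
}
```

In the page from the question, the call would be `subscriber_exists($pdo, $_SERVER['QUERY_STRING'] ?? '')`.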
Use parse_url(), like below:
$url = 'example.com/query.php?test@gmail.com';
$parm = parse_url($url);
echo $parm['query'];