Form (not-emailer) that populates a database? (2 posts)

  1. cheerfulguy
    Posted 9 years ago #


    I am a relative newcomer to WP. I was looking for a plugin/hack so that I could have a custom form which sends all the stuff into a database. I am designing a website for a fest and I need to have a form where people register for various events. I need to be able to make queries to this database later and extract data (e.g., a list of all people taking part in 'a' particular event).

    Any pointers to help would be appreciated.

    (The site in question is: mind-spark.org)

  2. mrmist
    Forum Janitor
    Posted 9 years ago #

    The main pointer would be to make sure that every single piece of information that comes from a form and goes into the database is checked first in PHP to ensure that it doesn't contain any injection attacks. Essentially this means never putting any raw data from forms directly into the DB. You'd need to ensure that you code for this or that your plugin accounts for it.

    It's not safe enough just to assume that because your form only allows values 1-5 for a specific response that someone won't use it to push through "DROP TABLE wp_users;". Parse everything.
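
The check recommended in the reply above, as an added example that is not part of the original thread: server-side validation of a registration form followed by parameterized writes and reads through WordPress's `$wpdb`. It assumes the code runs inside WordPress; the table `{prefix}fest_registrations` and the field names `name`, `email` and `event_id` are hypothetical.

```php
<?php
// Added example. Assumes a WordPress context ($wpdb and the sanitize_* helpers exist).
// Hypothetical schema: {prefix}fest_registrations (name VARCHAR, email VARCHAR, event_id INT).

const FEST_EVENT_IDS = array( 1, 2, 3, 4, 5 ); // allowlist: the only event ids the form offers

// Returns a clean row, or null if any field fails validation.
function fest_validate_registration( array $post ) {
    foreach ( array( 'name', 'email', 'event_id' ) as $key ) {
        // Reject missing fields and array-valued fields (name[]=...) outright.
        if ( ! isset( $post[ $key ] ) || ! is_string( $post[ $key ] ) ) {
            return null;
        }
    }
    $post  = wp_unslash( $post ); // WordPress adds slashes to request data
    $name  = sanitize_text_field( $post['name'] );
    $email = sanitize_email( $post['email'] );
    $event = absint( $post['event_id'] );

    if ( '' === $name || strlen( $name ) > 100 ) {
        return null;
    }
    if ( ! is_email( $email ) ) {
        return null;
    }
    // The <select> in the HTML limits nothing; enforce the 1-5 range here.
    if ( ! in_array( $event, FEST_EVENT_IDS, true ) ) {
        return null;
    }
    return array( 'name' => $name, 'email' => $email, 'event_id' => $event );
}

function fest_save_registration( array $post ) {
    global $wpdb;
    $row = fest_validate_registration( $post );
    if ( null === $row ) {
        return false;
    }
    // insert() binds each value with the given format; no form data is concatenated into SQL.
    $ok = $wpdb->insert( $wpdb->prefix . 'fest_registrations', $row, array( '%s', '%s', '%d' ) );
    return false !== $ok;
}

// "List of all people taking part in a particular event", also parameterized.
function fest_people_in_event( $event_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'fest_registrations'; // built from trusted values only
    $sql   = $wpdb->prepare( "SELECT name, email FROM {$table} WHERE event_id = %d ORDER BY name", absint( $event_id ) );
    return $wpdb->get_results( $sql );
}
```

A form handler would call `fest_save_registration( $_POST )`; a value such as `DROP TABLE wp_users;` in `event_id` fails the allowlist check and never reaches the query.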

Topic Closed

This topic has been closed to new replies.
