Support » Plugins and Hacks » Form (not-emailer) that populates a database?

  • Hi,

    I am a relative newcomer to WP. I was looking for a plugin/hack so that I could have a custom form which sends all the stuff into a database. I am designing a website for a fest and I need to have a form where people register for various events. I need to be able to make queries to this database later and extract data (e.g., a list of all people taking part in ‘a’ particular event).

    Any pointers to help would be appreciated.

    (the site in question is :

Viewing 1 replies (of 1 total)
  • The main pointer would be to make sure that every single piece of information that comes from a form and goes into the database is checked first in PHP to ensure that it doesn’t contain any injection attacks. Essentially this means never putting any raw data from forms directly into the DB. You’d need to ensure that you code for this or that your plugin accounts for it.

    It’s not safe enough just to assume that because your form only allows values 1-5 for a specific response that someone won’t use it to push through “DROP TABLE wp_users;”. Parse everything.
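
One way to apply the advice in the reply above, as an added example that is not part of the thread: server-side validation of a registration form followed by parameterized queries, including the "who is in event X" lookup the question asks for. It is standalone PHP using PDO with in-memory SQLite; the table, field names and sample submissions are hypothetical.

```php
<?php
// Added example, not from the thread. Needs the pdo_sqlite extension.
// Table name, field names and the 1-5 event range are assumptions for illustration.

function validate_registration(array $in): ?array
{
    $name  = is_string($in['name'] ?? null) ? trim($in['name']) : '';
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    // The HTML form only offers 1-5, but the server has to enforce that itself.
    $event = filter_var($in['event'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);

    if ($name === '' || strlen($name) > 100 || $email === false || $event === false) {
        return null; // reject: nothing from this submission reaches the database
    }
    return ['name' => $name, 'email' => $email, 'event' => $event];
}

function save_registration(PDO $db, array $row): void
{
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO registrations (name, email, event_id) VALUES (:name, :email, :event)');
    $stmt->execute([':name' => $row['name'], ':email' => $row['email'], ':event' => $row['event']]);
}

function people_in_event(PDO $db, int $eventId): array
{
    $stmt = $db->prepare('SELECT name FROM registrations WHERE event_id = ? ORDER BY name');
    $stmt->execute([$eventId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registrations
           (id INTEGER PRIMARY KEY, name TEXT, email TEXT, event_id INTEGER)');

// Constructed submissions standing in for $_POST.
$submissions = [
    ['name' => 'Asha Rao', 'email' => 'asha@example.com', 'event' => '3'],
    ['name' => "Robert'); DROP TABLE registrations;--", 'email' => 'bob@example.com', 'event' => '3'],
    ['name' => 'Mallory', 'email' => 'm@example.com', 'event' => '3; DROP TABLE wp_users;'],
];
foreach ($submissions as $post) {
    $row = validate_registration($post);
    if ($row === null) { echo "rejected\n"; continue; }
    save_registration($db, $row);
}
print_r(people_in_event($db, 3)); // names registered for event 3
```

The third submission is rejected by the range check, while the second is stored as an ordinary string because the placeholder never lets it be parsed as SQL. Inside WordPress, `$wpdb->prepare()` plays the same role as the PDO placeholders here.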

  • The topic ‘Form (not-emailer) that populates a database?’ is closed to new replies.