Originally Posted by
rbarbour
Try replacing
$getUserEmail = $_POST['email'];
$sql = "SELECT customers_id FROM zen_customers WHERE customers_email_address = '" . $getUserEmail . "' LIMIT 1";
Hope this helps!
However most jQuery/AJAX uses the $_REQUEST method to obtain information from a form.
Oy! That's a SQL Injection disaster waiting to blow up your entire site!
Never use $_POST or $_REQUEST or $_GET etc data directly in an SQL query without sanitizing it first!!!!!!!!!
Something like this is safer:
Code:
$sql = "SELECT customers_id FROM zen_customers WHERE customers_email_address = :email LIMIT 1";
$sql = $db->bindVars($sql, ':email', $_POST['email'], 'string');
And your script needs to first run application_top in order to get access to the database via $db.
Bookmarks