I am learning by self process Trial and Error! I was just curious before i started messing with the code and setting up the MySQL databases, Would it be possible to have a php script process variables from the URL and send them to the mysql database? If so would this become a security breach for sql injection via the url? At the moment in time my form on lets say "page1.php" has the inputs as shown below.. [timeofsurvey, datepicker, postcode] This currently sends them to "page2.php" using the var SendStrng and is sent in the url by GET method i assume.
var SendStrng = '&timeofsurvey='+ $("#timeofsurvey :selected").val() + '&datepicker='+ $("#datepicker").val() + '&Postcode='+ $("#Postcode").val() + insuranceplus;
//alert(SendStrng);
window.location.href = 'http://Mywebsite.com/Page2.php?'+ SendStrng
}
So my question is would it be possible to have "page2.php" process these variables and send them to MySql database, the reason i say this is because when users visit the website the "page2.php" has more information regards to what is involved with the job ect ect.. i have found from statistics that some users are dropping on that page so not converting, i wanted the MySQL database to input these variables so we can still see what the client has entered so far before following the process through and exiting on "page2.php" However i did not know if it would be a big security issue using variables sent in the url due to sql injection.
Sorry if this question is a silly one, i am still learning and Stack Overflow users have helped me a great deal so any further input / advice would be greatly appreciated :)
Thanks.
