I would like to send someone to a page called "tellfriend" upon his/her registration on register.php. Here is part of the code:
$q1 = mysql_query("INSERT INTO Affiliates (Username, Password, FirstName, LastName, Company, Street, Street2, City, State, Zip, Country, Phone, Email, Website, PayTo, Title, PaymentPreferenceID, StartEffectiveDate, EndEffectiveDate) VALUES ('".$_POST['ausername']."', '".$password."', '".$_POST['afirstname']."', '".$_POST['alastname']."', '".$_POST['acompany']."', '".$_POST['astreet']."', '".$_POST['astreet2']."', '".$_POST['acity']."', '".$_POST['astate']."', '".$_POST['azip']."', '".$_POST['acountry']."', '".$_POST['aphone']."', '".$_POST['aemail']."', '".$_POST['awebsite']."', '".$_POST['acheckname']."', '".$_POST['atitle']."', '".$_POST['payPreference']."', '".$date_now."', '2145945600')") or die(mysql_error()); include "tellfriend.php?id=".$_POST['ausername'];
I have two problems facing right now:
1) What is the proper way of directing my customer to next page (tellfriend) with his id there (say: tellfriend.php?id=100)? Is there anything I can do besides sending the data thru URL???
2) Someone told me that this code is very unsecured and hackers can do the "SQL injection" easily. What can I do to make it secure?
P.S. I got the above two pages from the internet and just want to combine them.
Thx in advance
