Comments on: Extending the Ajax Mailing List Sign Up System

By: Aarron

Aarron — Mon, 18 Jun 2007 13:32:09 +0000

Scott, you can learn all about the MailChimp.com API at http://www.mailchimp.com/resources/guides/subscriber_api.phtml. It’s a pretty easy system to use. They have a wonderful PDF you can download with detailed instructions.

By: Scott

Scott — Mon, 18 Jun 2007 13:17:30 +0000

Wondering if there is a way to use ajax and have it automatically get entered into your mailchimp list rather than a table on your server. Have you done this?

By: Aarron

Aarron — Tue, 21 Nov 2006 02:30:23 +0000

3stripe,

Building a system like that would obviously be a very involved process, but there is a good option. Rather than reinventing the wheel by building such a system, it would make more sense to tie in to an existing mailing list management system, preferably one that is part of a rich email service. The one I like best is http://mailchimp.com. They have an API (http://www.mailchimp.com/resources/guides/subscriber_api.phtml) that allows you to send sign ups directly into their managed list system. Alternatively you can copy your always just export your mailing list from your database management tool like PHPMyAdmin as a CSV file, and copy and paste the contents into Mail Chimp’s list management system. The benefit of managing the list with Mail Chimp is they look for duplicates, handle unsubscribes, and of course have a system that allow you to send rich email to people on your list, which , after all, is the point of having a mailing list. I might sound a bit like a commercial for them, but it’s because I have used them for quite some time and had great results. There are other rich email services out there that offer similar features such as Campaign Monitor. I’m not sure if they have an API, though.

Hope that helps.

By: 3stripe

3stripe — Mon, 20 Nov 2006 20:23:13 +0000

I REALLY like this system but I’m a complete PHP novice.

How could you set up a php page to monitor the current list of subscribers , and then export it as a csv file?

Cheers!

3stripe

By: Aarron

Aarron — Thu, 09 Nov 2006 15:54:52 +0000

You’re right, Nate. We should add mysql_real_escape_string() when transferring the $_GET values to variables to prevent an SQL injection attack like this:

$address = mysql_real_escape_string($_GET[’address’]);
$firstName = mysql_real_escape_string($_GET[’firstName’]);
$lastName = mysql_real_escape_string($_GET[’lastName’]);
$phone = mysql_real_escape_string($_GET[’phone’]);

Validation would be another easy addition if receiving new content with simple conditionals like the one used in the storeAddress.php script that check for a missing $_GET[’address’] value and validate the email address using a regular expression.

Thanks for checking out the article and the feedback.

By: Nate K

Nate K — Thu, 09 Nov 2006 14:46:37 +0000

The one thing i would add in your extension is to either a) Validate all of the information coming in, or b) Use prepared statements to execute the query. The script as it stands above is vulnerable to SQL injection.

I like your example for the simplicity of it (minus the prototype library). Yes, it can be extended - but it is simple at the core to get something to work - and it degrades gracefully. These are the kinds of things you need to look at when implementing AJAX (as you have warned above). Though AJAX is fun, you really need to think through its use cases.

Nice article!