I am using phpmyadmin to view the DB.
I feel like the escape string is consistent with what you are saying, it is before the insert and it is defined as part of the value. For the <textarea>output goes here</textarea> I'm a little confused by what you mean. I have the echo command in between the text area and from my understanding of what you are saying that is incorrect. I remember reading something about values can't be assigned to text area's but i could be mistaken but every example i've seen has the text area setup as followed:
$link = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
echo "<pre>";
print_r($_POST);
echo "</pre>";
$value = mysqli_real_escape_string ( $link , $_POST['Name'] );
$value2 = mysqli_real_escape_string ( $link , $_POST['E-Mail'] );
$value3 = mysqli_real_escape_string ( $link , $_POST['Website'] );
$value4 = mysqli_real_escape_string ( $link , $_POST['Comments'] );
$sql = "INSERT INTO `contact` (`Name`, `E-Mail`, `Website`, `Comments`) VALUES ('$value', '$value2', '$value3', '$value4')";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error());
}
mysql_close();
?>
I removed some of the other input types to focus on the text area..
<form action="contactdb.php" method="post"/>
<input type="hidden" name="formID" value="Contact" />
<input type="hidden" name="redirect_to" value="http://www.cavalierchampions.com" />
<textarea name="Comments" rows="4" cols="40" id="Comments"><?php echo $Comments;?></textarea><br><br>
<input type="submit" value="Send">
<input type="reset" value="Reset">
</form>