Hi guys
I have this code below and all works fine when submitting this online application apart from when someone types either ' # & into one of the comment fields in which it throws up the error. Have tried various fixes from across the internet but no joy. Can anyone offer suggestions?
<?php
$con = mysql_connect("localhost:3306","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('sfapp', $con);
$sql="INSERT INTO 'sfapp' ('surname_add','forename_add','dob_add','hometele_add','mobiletele_add','homeadd_add','siblings_add','schoolname_add','headname_add','schooladd_add','schooltele_add','schoolem_add','alevel_add','personstate_add','nameprovided_add','pe_add','se_add','PredGrade_Art','PredGrade_AScience','PredGrade_BusStudies','PredGrade_Electronics','PredGrade_EnglishLang','PredGrade_EnglishLit','PredGrade_French','PredGrade_German','PredGrade_Geog','PredGrade_Graphics','PredGrade_History','PredGrade_Maths','PredGrade_SepScience','PredGrade_ProductDesign','PredGrade_Spanish','PredGrade_Other','Gender_Male','Gender_Female','Sub_EnglishLit','Sub_Maths','Sub_FurtherMaths','Sub_Biology','Sub_Chemistry','Sub_Physics','Sub_French','Sub_German','Sub_Spanish','Sub_Geography','Sub_History','Sub_RE','Sub_FineArt','Sub_Business','Sub_Computing','Sub_GlobPersp','Sub_DramaAndTheatre','Sub_PE','Sub_Dance','Sub_Politics','Sub_Psychology','Sub_Sociology','readprospect_chk','Sib_Yes','Sib_No','Current_Student_Yes','Current_Student_No','I_Understand_chk','Current_Education_chk','Local_Care_chk','Staff_Cwhls_chk','Sub_Film')
VALUES
('$_POST[surname_add]','$_POST[forename_add]','$_POST[dob_add]','$_POST[hometele_add]','$_POST[mobiletele_add]','$_POST[homeadd_add]','$_POST[siblings_add]','$_POST[schoolname_add]','$_POST[headname_add]','$_POST[schooladd_add]','$_POST[schooltele_add]','$_POST[schoolem_add]','$_POST[alevel_add]','$_POST[personstate_add]','$_POST[nameprovided_add]','$_POST[pe_add]','$_POST[se_add]','$_POST[PredGrade_Art]','$_POST[PredGrade_AScience]','$_POST[PredGrade_BusStudies]','$_POST[PredGrade_Electronics]','$_POST[PredGrade_EnglishLang]','$_POST[PredGrade_EnglishLit]','$_POST[PredGrade_French]','$_POST[PredGrade_German]','$_POST[PredGrade_Geog]','$_POST[PredGrade_Graphics]','$_POST[PredGrade_History]','$_POST[PredGrade_Maths]','$_POST[PredGrade_SepScience]','$_POST[PredGrade_ProductDesign]','$_POST[PredGrade_Spanish]','$_POST[PredGrade_Other]','$_POST[Gender_Male]','$_POST[Gender_Female]','$_POST[sub_EnglishLit]','$_POST[sub_Maths]','$_POST[sub_FurtherMaths]','$_POST[sub_Biology]','$_POST[sub_Chemistry]','$_POST[sub_Physics]','$_POST[sub_French]','$_POST[sub_German]','$_POST[sub_Spanish]','$_POST[sub_Geography]','$_POST[sub_History]','$_POST[sub_RE]','$_POST[sub_FineArt]','$_POST[sub_Business]','$_POST[sub_Computing]','$_POST[sub_GlobPersp]','$_POST[sub_DramaAndTheatre]','$_POST[sub_PE]','$_POST[sub_Dance]','$_POST[sub_Politics]','$_POST[sub_Psychology]','$_POST[sub_Sociology]','$_POST[readprospect_chk]','$_POST[sib_Yes]','$_POST[sib_No]','$_POST[Current_Student_Yes]','$_POST[Current_Student_No]','$_POST[i_Understand_chk]','$_POST[Current_Education_chk]','$_POST[Local_Care_chk]','$_POST[staff_Cwhls_chk]','$_POST[sub_Film]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
?>
<?php
//if "email" variable is filled out, send email
if (isset($_REQUEST['pe_add'])) {
//Email information
$admin_email = $_REQUEST['pe_add'];
$forename = $_REQUEST['forename_add'];
$email = "
[email protected]";
$subject = "Application";
$desc =
"Dear $forename
Thank you for submitting your online application, we will be in touch shortly.
"
;
//send email
mail($admin_email, "$subject", "$desc", "From:" . $email);
//Email response
echo "Thank you for contacting us!";
}
//if "email" variable is not filled out, display the form
else {
?>
If you are seeing this, you need to go back and fill out the Personal Email section!
<?php
}
header("location:complete.php");
mysql_close($con)
?>
Thanks in advance.
