gw1500se

As I said earlier, it is really a function of the filters set up by the mail reader or user. The best you can do, as others are suggesting, is to make sure your From and DNS information are complete and correct. You cannot control what the user has set up as a content filter.

The JSON object is in an array. See barand's first post.

That was what I was hoping the OP would see.

print_r will print an array. Instead use 'var_dump' and you will see exactly what it is.

Not really. It is entirely dependent on the recipient's filter.

No. Session information is stored on the server. The only thing transferred between the client and server is the sesssion ID.

Prepared statements and validating input is sufficient. Htmlentities does nothing for security. Email input is much less of a risk since it does not, normally, require database access with user input. Use PHPMailer for your email.

I agree that PDO is the better approach, although that statement could start a religious war. 🙄 While mysqli is OK, PDO is generic in that the base code can support database engines other than MySQL with no changes.

What you posted has nothing to do with securing your web site. Validate the data first. Then use prepared statements.

Don't embed your comments to us in the code. Put the comments outside the formatter.

Your code it nearly impossible to read. Please edit it and use the code tag (<>) and choose the proper code type (PHP). The first thing I notice is that you should be using $_POST rather than $_REQUEST. The second thing I see is you are not using PHPMailer with is infinitely easier than 'mail'.

Just what I would expect from the echo using those single quotes.

Note that within single quotes, PHP does not do substitution. echo "There were ". $row[COUNT($item)] ." orders for carrots for ". $row[$item] ." lbs. each <br />";

Connect to the MySQL database from command line (mysql -u root). You will be prompted for the password. Then enter 'use rockinrochester;'. After that enter the query substituting the values rather than the variables. That will prove that the data was properly entered in the database. Since this is a class project I won't give you the solution outright.

As you can see from your error message echo $password and $collected_password are both empty strings. You say the insert is working but did you run the query manually to verify it is correct in the database? You are also not doing any error checking after the query.