[code] <?php if(isset($_POST['submit'])) { $first = $_POST['fname']; $last = $_POST['lname']; $address = $_POST['address']; $email = $_POST['email']; $pcode = $_POST['pcode']; $country = $_POST['country']; $comment = $_POST['comment']; $conn = mysql_connect("localhost","",""); mysql_select_db("",$conn); $sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');"; $result = mysql_query($sql,$conn); $sql2 = "select id from petition"; $result2 = mysql_query($sql2,$conn); $num_rows = mysql_num_rows($result2); echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first." ".$last." you have made a positive step forward</div>"; echo "<br><h2>You are person <span style='color: red'>".$num_rows."</span>"; }else { echo ' [/code] i need to mysql_escape_string() the values but i dont know how to do it with multiple values?