Greetings
<?
mysql_connect("xxx","xxx","xxx");
mysql_select_db("name");
if (!isset($_POST['submit'])) {
print "<h1>";
print "Welcome";
print "</h1>";
print "<br><br><br>";
echo "<center>";
print "<form action=\"\" method=\"POST\">";
print "<input name=\"dgt\" id=\"Join\" style=\"width:400px\" type=\"text\"> ";
print "<input name=\"submit\" value=\"Join\" type=\"submit\">";
print "</form>";
} else {
$name = $_POST['dgt'];
if(strlen($name) != "10") {
print "Name is incorrect.";
} else {
$query = mysql_query("SELECT * FROM contacts WHERE name ='$name';");
if(mysql_num_rows($query) > 0){
$row = mysql_fetch_assoc($query);
print "True";
print "$row[no]";
}else{
print "False";
}
}
}
?>
This script is vulnerable to SQLi I need help in fixing the vulnerability please.