help with placing query results into a table are on page

[ValdouaD]

Hello, I want to place my resutls area inside a table in my page design but when I do it causes the page design to be all distorted. Is it NOT possible to display the below code inside a nested table on a page?

 

$connect = mysql_connect("XXXX", "XXXX", "XXXX");  
$db = mysql_select_db("XXXX", $connect);  
$sql = "SELECT * 
        FROM STOREDATA 
        WHERE State = '".$_POST['state']."' 
        OR ZIP_Code = '".$_POST['zipCode']."'";  
$result = mysql_query($sql);  
$rows = mysql_num_rows($result);  
if($rows > 0) {  
      echo "<p><center></p>
<table border=\"1\">  
            <th align=\"center\newstyle\">Name</th> 
            <th align=\"center\">City</th> 
            <th align=\"center\">State</th> 
            <th align=\"center\">Sales Phone</th>"; 

    while($row=mysql_fetch_array($result)) {  
        echo "<tr><center>
                <td align=\"center\" class=\"newstyle\">".$row['Name']."</td>
                <td align=\"center\" class=\"newstyle\">".$row['City']."</td>
                <td align=\"center\" class=\"newstyle\">".$row['State']."</td>
                <td align=\"center\" class=\"newstyle\">".$row['Sales_Phone']."</td>
              </tr>";  
    }  
}  
else {  
    echo "No results found";  
}  
mysql_close($connect); ;

[tomfmason]

You don't close the table. Also you should sanitize the user input. As it stands this script is vulnerable to sql injection

[ValdouaD]

Could you please explain that? This piece of code was written for me quite a few years ago and then was just placed into a page.