immersion

redarrow, Thanks for the code hints. Beyond what you are suggesting is it safe to have the insert record script and the formail script in the same page? Thanks again, Dave

Hello, Forgive me if I am not posting this in the right way. I will try and format the code correctly and ask the right questions. I have created a script that upon html form completion does 2 things. 1, I am using a phpformmail script to send the form results to an email address. 2. I am using code off a tutorial to insert records into a MYSQL database. From a securtity point of view is this a dumb way to go about achieving the 2 desired functions? Should I seperated the formmail and insert record script? What is the best way to accomplish this? Any feedback would be apprecitaed. I will post the script below. [code]<?php $username="user"; $password="pass"; $database="contact"; $first=$_POST['first']; $last=$_POST['last']; $phone=$_POST['phone']; $mobile=$_POST['mobile']; $fax=$_POST['fax']; $email=$_POST['email']; mysql_connect("localhost",$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email')"; mysql_query($query); mysql_close(); ?>[/code] Thanks, Dave