[COLOR="#000000"][COLOR="#0000BB"]mysql_connect[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'localhost'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'root'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]);[/COLOR][COLOR="#0000BB"]mysql_select_db[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'bf'[/COLOR][COLOR="#007700"]);if(isset([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'btnSign'[/COLOR][COLOR="#007700"]])) { [/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'mtxMessage'[/COLOR][COLOR="#007700"]]); [/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'txtName'[/COLOR][COLOR="#007700"]]); [/COLOR][COLOR="#FF8000"]// Sanitize message input [/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]strip_tags[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]addslashes[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]))); [/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_real_escape_string[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]htmlspecialchars[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#FF8000"]// Sanitize name input [/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]strip_tags[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]addslashes[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]))); [/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_real_escape_string[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]); [/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"INSERT INTO guestbook (comment,name) VALUES ('[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#DD0000"]','[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#DD0000"]');"[/COLOR][COLOR="#007700"]; print[/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"];[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]) or die([/COLOR][COLOR="#0000BB"]mysql_error[/COLOR][COLOR="#007700"]()); } [/COLOR][/COLOR]