if ($_POST[submit] == "Submit Form") { // you don't trap apostrophes or quotes - check it! $conn = include("conn.php"); $stamp = time(); $parsedStamp = getDate($stamp); $sql = "insert into oliverAds (". "datePosted, category, machineType, modelNumber, serialNumber, machineCapacities, dimensionsH, dimensionsL, dimensionsW, weight, motorHP,motorPhase, motorVolts, accessories, location, comments, price, phone,contactName, email, IAccept, posterPW, approved". ") values (". "'".$parsedStamp['year']."/". $parsedStamp['mon']."/". $parsedStamp['mday']."', ". "'$_POST[Category]', ". "'$_POST[Machine_Type]', ". "'$_POST[Model_Number]', ". "'$_POST[Serial_Number]', ". "'$_POST[Machine_Capacities]', ". "'$_POST[Height]', ". "'$_POST[Length]', ". "'$_POST[Width]', ". "'$_POST[Estimated_Weight]', ". "'$_POST[Horse_Power]', ". "'$_POST[Phase]', ". "'$_POST[Volts]', ". "'$_POST[Accessories]', ". "'$_POST[Location]', ". "'$_POST[Comments]', ". "'$_POST[Price]', ". "'$_POST[Phone_Number]', ". "'$_POST[realname]', ". "'$_POST[email]', ". "'$_POST[Disclaimer]',". // "password('$_POST[posterPW]')". "'none yet', ". "'f'". ");"; //echo $sql; $result = mysql_query($sql, $conn) or die(mysql_error()); // notify client of the posting $link = "http://www.oliverusedmachinery.com/admin_new.php"; $mailTo = "frank@pollaro.com"; $mailSubj = "Oliver Ad Posting Notification"; $mailHeaders = "From: Oliver Machinery Ad-Bot\n"; $mailHeaders .= "Reply-To: steve@icsites.net"; $mailBody = "This is a notification that there is an ad pending your approval "; $mailBody .= "on OliverMachinery.com - "; $mailBody .= "Point your browser to "; $mailBody .= "$link to view it in its entirety, along with any others "; $mailBody .= "that may be waiting.\n\n"; $mailBody .= "Regards,\n\nThe Ad-Bot\n\n"; $mailBody .= "Posted on ". $parsedStamp['mon']."/". $parsedStamp['mday']."/". $parsedStamp['year']. "\n\n". "Category: ".str_replace("_", " ", $_POST[Category])."\n". "Machine Type: $_POST[Machine_Type]\n". "Model #: $_POST[Model_Number]\n". "Price: $_POST[Price]"; mail($mailTo, $mailSubj, $mailBody, $mailHeaders); $sent = true; } ?>