In just a few weeks, it is unstoppable [PHP, MySQL database] security

Hi! I started learning PHP and MySQL a few months ago and came up with this: [url]http://positive0.negative0.net/[/url]

I'm still learning. But the problem started once I had my guestbook using PHP and MySQL running. See it for yourself. I would suggest not, because it takes a few seconds to minutes to open the page [url]

According to some in the forum, there are bugs and security holes. I've been trying to solve them, but my efforts seem like a waste of time because the posts keep increasing. And I think the code is correct.

These are my 2 scripts,

guesth_postie.php

[code=php]
<?php
// Connects to your Database
$connect = mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("db");

$query = "SELECT * FROM db order by no desc ";
$result = mysql_query($query, $connect);
Print "<table border=0 cellpadding=0 width=400 height=* cellpadding=0>";

Print "<tr>";
Print "<tr><td align=left>Name</td><td>Monkeyhead</td></tr> ";
?>
<tr><td align="left">Email</td><td>
<a href="mailto:[email protected]">[email protected]</a></td>
</tr>
<?
Print "<tr><td align=left>Website</td><td>http://positive0.negative0.net</td></tr>";
Print "<tr><td align=left>Subject</td><td>Welcome</td></tr>";
Print "<tr><td valign=top align=center>Message&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td align=top width=400>
Welcome to the monkeyhead message board. Enjoy!</td></tr>";

Print "<tr><td><hr></td><td width=350><hr></td></tr>";
Print "<tr>";

// Every stored field is printed straight into the page, exactly as it was saved
while($info = mysql_fetch_array($result))
{
Print "<tr>";
Print "<tr><td align=left>Name</td><td> ".$info['name'] . "</td></tr> ";
?>
<tr><td align="left">Email</td><td><a href="mailto:<?=$info['email']?>">
<?=$info['email']?></a></td>
</tr>
<?
Print "<tr><td align=left>Website</td><td>".$info['website'] . "</td></tr>";
Print "<tr><td align=left>Subject</td><td>".$info['subject'] . "</td></tr>";
Print "<tr><td valign=top align=center>Message&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td align=top width=400>".$info['message'] . "</td></tr>";

Print "<tr><td><hr></td><td width=350><hr></td></tr>";
Print "<tr>";
}
Print "</table>";

mysql_close($connect);
?>
[/code]

And the input file
input.php

[code=php]
<?php

// Sends a JavaScript alert and goes back to the form; the check happens in the browser
function noblank($msg){
echo "
<script>
window.alert('$msg');
history.back(1);
</script>
";
exit;
}
// $name, $subject, $message etc. arrive as globals straight from the request (register_globals)
if(!$name) noblank('Please write your name');
if(!$subject) noblank('Please write your subject and message');
if(!$message) noblank('Please write your message');

// Connects to your Database

$connect = mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("db") or die(mysql_error());
// The submitted values are concatenated into the SQL string as they are
$query = "INSERT INTO db (no, name, website, subject, message, email, regdate, ip)
values ('no','$name','$website','$subject','$message','$email', now(),'$REMOTE_ADDR')";

mysql_query($query, $connect);

mysql_close($connect);
?>
[/code]

I don't want to cause any harm to the one that is causing this problem, but I just want to find out "how I can possibly fix it" and prevent this kind of mistake.
I would appreciate it very much!

@NogDog, Sep 20, 2006 — You probably need to implement a "captcha" graphic and input field on your form to prevent automated scripts from making submissions to your site.
@Taschen, Sep 20, 2006 — I believe the expression is OMG! Using an image captcha might stop some automated posting (OCR anyone), but it won't close that immense hole in your script.

It is absolutely crucial that you at least validate any user input, especially before posting to a db.

Validating user input means posting to some kind of processing script that strips out escaped PHP/SQL, HTML and Java.

I recommend that you visit www.php.net to learn about the different functions available.
@chazzy, Sep 20, 2006 — Also, your noblank script only works if JavaScript is not disabled.

You should have a marker saying whether there is a problem with the items, and not do the db insert if that's the case.
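Putting the two comments above into practice (server-side validation that blocks the insert, plus input that cannot alter the SQL, plus escaping on output), here is an added example of a hardened input.php. It is not the original poster's code; it assumes the same table and column names as the post, that `no` is an AUTO_INCREMENT key, and the mysqli extension rather than the old mysql_* functions.

```php
<?php
// Added example, not the poster's script. Assumes table `db` with the columns from
// the post, `no` as AUTO_INCREMENT, and PHP's mysqli extension.

// Server-side validation: collect every problem and refuse the insert, instead of a
// JavaScript alert that a client with JS disabled (or a posting bot) simply skips.
function validate(array $in): array {
    $errors = [];
    foreach (['name', 'subject', 'message'] as $field) {
        if (trim($in[$field] ?? '') === '') {
            $errors[] = "Please write your $field";
        }
    }
    if (($in['email'] ?? '') !== '' && !filter_var($in['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email address';
    }
    if (($in['website'] ?? '') !== '' && !filter_var($in['website'], FILTER_VALIDATE_URL)) {
        $errors[] = 'Invalid website URL';
    }
    if (strlen($in['message'] ?? '') > 4000) {
        $errors[] = 'Message too long';
    }
    return $errors;
}

// Escape a stored value for HTML output; use this in the display script for every
// field (name, email, website, subject, message) so posted tags/scripts render as text.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Read input explicitly from $_POST; never rely on register_globals.
$errors = validate($_POST);
if ($errors) {
    header('Content-Type: text/plain');
    exit(implode("\n", $errors));
}
$name = $_POST['name'];   $website = $_POST['website'] ?? '';
$subject = $_POST['subject']; $message = $_POST['message'];
$email = $_POST['email'] ?? ''; $ip = $_SERVER['REMOTE_ADDR'];

$db = new mysqli('localhost', 'user', 'password', 'db');
if ($db->connect_error) {
    exit('Database connection failed');   // do not echo driver errors to visitors
}
// Prepared statement: values are bound as data, so quotes inside $message or $name
// can never change the SQL the way string concatenation allowed.
$stmt = $db->prepare('INSERT INTO db (name, website, subject, message, email, regdate, ip)
                      VALUES (?, ?, ?, ?, ?, NOW(), ?)');
$stmt->bind_param('ssssss', $name, $website, $subject, $message, $email, $ip);
$stmt->execute();
$stmt->close();
$db->close();
```

A captcha or rate limit can be layered on top of this, but validation and parameter binding are what close the hole the thread is about.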