Thanks all for your replies. Much appreciated. I have edited the code and
took points into account:

$con = mysql_connect("localhost","ben_test","removed") or die("con");
$db = mysql_select_db("ben_test") or die("db");
$sql1 = mysql_query("INSERT INTO `comments` (`messages`) VALUES ($comments)") or die("insert");
$mysql_query_one = mysql_query("SELECT * FROM `comments`");
while($rows=mysql_fetch_array($mysql_query_one)) {
echo $rows['messages'] . "[br /]";
}

Okay, the browser outputted "insert" so it has to be something to do with
the insert SQL syntax I have added. Not sure if it's overriding the same
content added as before or something.

Any help once again is appreciated.

Thank you,
Ben Stones.

On Jan 3, 2008 3:16 AM, Benjamin Darwin <bddarwin@xxxxxxxxx> wrote:

> Ben:
>
> First, using a $_POST value directly into a MySQL query is EXTREMELY
> unsafe. Always filter data from any source to make sure it's what you
> expect. SQL injection is one of the easiest ways to cause real damage
> to a website. http://en.wikipedia.org/wiki/SQL_injection
>
> Check out this function for making the string safe:
> http://us2.php.net/manual/en/function.mysql-real-escape-string.php
> Also, try and strip out any characters that don't belong in the string
> anyway, just as added security.
>
> Good luck learning PHP.
>
> --Another person who happens to be named Ben
>
> I've also put a few edits in the code.
> On Jan 2, 2008 9:57 PM, Ben Stones <bastones@xxxxxxxxxxxxxx> wrote:
> > Hello, my name is Ben Stones. I am quite a beginner to PHP, and as a
> > New Year's resolution I am going to learn PHP (finally!)
> >
> > Cut to the chase, I have created a basic looping script that would
> > display anything submitted in a form, on separate lines; here is the
> > PHP code:
> >
> > $con = mysql_connect("localhost","ben_test","------removed-----") or
> > die("con");
> > $db = mysql_select_db("ben_test") or die("db");
> > mysql_query("CREATE TABLE `comments` (messages varchar(255))");
> > $comments = $_POST['comment'];
> > $sql1 = mysql_query("INSERT INTO `comments` (`messages`) VALUES
> > ($comments)");
> >
> > $mysql_query_one = mysql_query("SELECT * FROM `comments`");
> > while($rows=mysql_fetch_array($mysql_query_one)) {
> > echo $rows['messages'] . "[br /]";
> > }
> >
> > Everything went swell for the first half, and after I truncated the
> > test messages (or everything in the column, if you like), I tried
> > doing one more test run and upon clicking 'Submit', nothing would
> > display except the messages I added via phpMyAdmin.
> >
> > Hope someone could help me.
> >
> > PS: The password has been edited out of the preceding code as well as
> > the HTML code purposely for the mailing list.
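
An added example, not part of the original thread: the INSERT from the messages above run four ways, to show why a value spliced into the SQL text can fail or change the statement, and how escaping or a bound parameter avoids that. Assumptions: an in-memory SQLite database via PDO stands in for the MySQL server so the script runs offline, PDO::quote() stands in for the mysql_real_escape_string() call recommended above (the mysql_* extension was removed in PHP 7), the prepared statement is an alternative the thread does not mention, and try_insert() and the sample comments are constructed for illustration.

```php
<?php
// Added example. An in-memory SQLite database stands in for the MySQL
// server so the script runs offline (assumption; needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (messages VARCHAR(255))');

// Constructed sample submissions standing in for $_POST['comment'].
$samples = array('42', 'hello', "it's working");

// try_insert() is a hypothetical helper: run one statement, report the outcome.
function try_insert(PDO $pdo, $label, $sql) {
    try {
        $pdo->exec($sql);
        echo "$label: ok\n";
    } catch (PDOException $e) {
        echo "$label: FAILED (" . $e->getMessage() . ")\n";
    }
}

foreach ($samples as $comment) {
    // 1. As in the thread: the value is spliced in with no quotes, so the
    //    database parses it as SQL. Only number-like input is accepted.
    try_insert($pdo, "unquoted [$comment]",
        "INSERT INTO comments (messages) VALUES ($comment)");

    // 2. Quotes added by hand but no escaping: an apostrophe in the
    //    comment ends the string literal early and the rest becomes SQL.
    try_insert($pdo, "quoted   [$comment]",
        "INSERT INTO comments (messages) VALUES ('$comment')");

    // 3. Escaped and quoted by the driver before being spliced in.
    try_insert($pdo, "escaped  [$comment]",
        "INSERT INTO comments (messages) VALUES (" . $pdo->quote($comment) . ")");
}

// 4. Prepared statement: the SQL text is fixed and the comment is sent
//    as data, so its content can never alter the statement.
$stmt = $pdo->prepare('INSERT INTO comments (messages) VALUES (?)');
foreach ($samples as $comment) {
    $stmt->execute(array($comment));
}

// List what was actually stored.
foreach ($pdo->query('SELECT messages FROM comments') as $row) {
    echo $row['messages'], "\n";
}
```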