0) && (strlen(htmlspecialchars($_GET['sell'])) > 0) && (strlen(htmlspecialchars($_GET['name'])) > 0) && (strlen(htmlspecialchars($_GET['contact'])) > 0)) { $hostname = 'localhost'; // Change if needed $database_name = 'xxxxxxx'; // Use a different database name, if cloning this application $user_name = 'xxxx'; // Change if needed $password = 'xxxxxx'; // Change to your password $to = 'mhamill@computer.org'; // Who will receive the email $subject = 'Real estate lead from oakhillva.com'; // Change as needed $headers = 'From: Oak Hill Virginia Online Webmaster '; // Change as needed // Use of htmlspecialchars function makes SQL injection hacks much less likely $buy = (htmlspecialchars($_GET['buy']) == 'true') ? 1 : 0; $sell = (htmlspecialchars($_GET['sell']) == 'true') ? 1 : 0; $sql = "INSERT INTO real_estate_leads (buy, sell, name, phone_email, more_info, ip, host_name) VALUES (" . $buy . ", " . $sell . ", '" . htmlspecialchars($_GET['name']) . "', '" . htmlspecialchars($_GET['contact']) . "', '" . htmlspecialchars($_GET['moreinfo']) . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_HOST'] . "')"; $link = @mysql_connect($hostname, $user_name, $password) or exit('Cannot connect to database engine'); mysql_select_db($database_name) or exit('Cannot select database'); $result = mysql_query($sql); if (!$result) { echo 'Could not insert into database table'; exit; } // Send the email, change content as you wish. $message = "The following potential real estate lead was collected from the oakhillva.com web site. If the information looks legitimate you may wish to contact this prospect.\n\n"; $message .= "Name: " . htmlspecialchars($_GET['name']) . "\n"; $message .= "Telephone or Email: " . htmlspecialchars($_GET['contact']) . "\n"; $message .= "Interested in buying in Oak Hill: " . htmlspecialchars($_GET['buy']) . "\n"; $message .= "Interested in selling in Oak Hill: " . htmlspecialchars($_GET['sell']) . "\n"; $message .= "Additional Information: " . htmlspecialchars($_GET['moreinfo']) . "\n\n"; $message .= "Date and Time Recorded: " . date('g:i A T \o\n D, n/j/Y') . "\n"; $message .= "IP of sender: " . $_SERVER['REMOTE_ADDR']; if (mail($to,$subject,$message,$headers)) { echo 'Message sent!'; } else { echo 'Information recorded, but unable to send email!'; } } ?>