Is this code correct?

marlon4417

Hello All,

Below is code for a registration form that passes several variables to a subsequent page. Several clients are having problems getting to the second page and are being timed out with the first page (below). Please suggest if you spot potential issues. Many thanks.

<?php require_once('Connections/mysql.php'); ?>
<?php

session_start();

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;

case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $SERVER['PHP_SELF'];
if (isset($SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($POST["MM_insert"])) && ($POST["MM_insert"] == "mtlform")) {
$insertSQL = sprintf("INSERT INTO player1 (fname1, lname1, gender1, DOB1, grade1, experience1, school1, program1) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($POST['fname1'], "text"),
GetSQLValueString($POST['lname1'], "text"),

mysql_select_db($database_mysql, $mysql);
$Result1 = mysql_query($insertSQL, $mysql) or die(mysql_error());

$insertGoTo = "gotopaypal_mtl_2006_registration.php";
if (isset($SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}

if ((isset($POST["MM_insert"])) && ($POST["MM_insert"] == "mtlform")) {
$insertSQL = sprintf("INSERT INTO sponsordata (sponsorname, uniformname, sponsortele, sponsaddress) VALUES (%s, %s, %s, %s)",
GetSQLValueString($POST['sponsorname'], "text"),
GetSQLValueString($POST['sponsaddress'], "text"),
GetSQLValueString($POST['uniformname'], "text"),
GetSQLValueString($POST['sponsortele'], "text"));