\r\n"; mail('jim.rolt@googlemail.com', $subject, $error, $headers); } include'dataedit/sql.php'; if(!isset($_POST['submit'])){ $id = (is_numeric($_GET['id'])) ? $_GET['id'] : 1; $type = isset($_GET['type']) && is_numeric($_GET['type']) ? $_GET['type'] : 1; switch($type){ case 2: $q = mysql_query("SELECT Name FROM Shops WHERE id = $id")or mailjim('q1', mysql_error()); break; case 3: $q = mysql_query("SELECT Name FROM Sports WHERE id = $id")or mailjim('q2', mysql_error()); break; case 4: $q = mysql_query("SELECT event AS Name FROM events WHERE eventid = $id")or mailjim('q3', mysql_error()); break; default: $q = mysql_query("SELECT Name FROM EstDetails WHERE RecordID = $id")or mailjim('q4', mysql_error()); } $res = mysql_fetch_assoc($q); } ?> Review a establishment

Related links:

Attractions | Activities | Folk Customs | Theatres

Review {$res['Name']}\n"; include'linkunit.txt'; echo"

Please write your review on the {$res['Name']} below. Please go back if you wish to contact this establishment
"; ?> we never pass on to any third party any details we receive and we will never bother you with unwanted email. We abhor spam and do all we can to eliminate it

 
EOT; } elseif(!empty($_POST['contact'])){ if(stristr($_POST['contact'], "\n") || stristr($_POST['text'], "http://") || stristr($_POST['email'], "\n") || stristr($_POST['email'], "http://")){echo'We cannot process that request';} else{ function quote_smart($value){ if (get_magic_quotes_gpc()){$value = stripslashes($value);} if (!is_numeric($value)){$value = mysql_real_escape_string($value);} return $value; } $contact = quote_smart($_POST['contact']); $email = quote_smart($_POST['email']); $id = quote_smart($_POST['recordid']); $text = quote_smart($_POST['text']); $type = quote_smart($_POST['type']); if(!empty($_POST['date']))$text.= '

Date visited: '.quote_smart($_POST['date']); $q = mysql_query("INSERT INTO reviews (est, name, email, date, review, type ) VALUES ( '$id', '$contact', '$email', NOW(), '$text', '$type' )")or die(mysql_error()); $ch = mysql_query("SELECT id FROM emailaddress where email = '".mysql_real_escape_string($_POST['email'])."' ") or die(mysql_error()); if(mysql_num_rows($ch) == 0){ $in = mysql_query("INSERT INTO emailaddress VALUES('', '".mysql_real_escape_string($_POST['email'])."', NOW() )") or die(mysql_error()); } ?>

Thank you , your review has been sent and will appear on site once it has been checked.

Thank you for your input