@davidbisset remember to sanitize your users' input, kids!

(Oh and while you're at it, please refactor that SQL database code to use prepared statements. Yes, I know, but it won't get any easier in the future when it's even bigger.)