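// Contact-form handler: validates the posted fields, stores the message through
// Article::message() and reports the outcome in $_SESSION['error'] / $_SESSION['success'].
if (isset($_POST['messages'])) {
    //$_SESSION['pagetitle'] = 'newarticle';

    // Reads one POST field as a trimmed string. A missing key or an array
    // payload (e.g. fname[]=x) becomes '' so the checks below reject it.
    $postField = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
    };

    // Strips tags and rewrites backslash and quote characters as numeric
    // entities, so none of them reaches the quoted SQL literals built below.
    // Stands in for FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.
    // This is text encoding, NOT SQL escaping.
    $encodeText = function ($text) {
        return str_replace(
            ['\\', '"', "'"],
            ['&#92;', '&#34;', '&#39;'],
            strip_tags($text)
        );
    };

    $fname = $encodeText($postField('fname'));
    // FILTER_SANITIZE_NUMBER_INT leaves only digits, '+' and '-'.
    $phoneno = filter_var($postField('phoneno'), FILTER_SANITIZE_NUMBER_INT);
    $email = $postField('email');

    // filter_var() returns the filtered value on success, so a truthy result
    // means "acceptable"; the error branches fire only when a check fails.
    if ($fname === '') {
        $_SESSION['error'] = "sorry! the fname is not valid";
    } elseif (preg_match('/[0-9]/', $phoneno) !== 1) {
        $_SESSION['error'] = "sorry! the phone no is not valid";
    } elseif ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // An empty address is still accepted; only a malformed one is refused.
        $_SESSION['error'] = "sorry! the email is not valid";
    } else {
        // A syntactically valid address may still contain a quote character.
        $email = $encodeText($email);
        $subject = $encodeText($postField('subject'));
        $message = $encodeText($postField('message'));

        // Five columns, five values, in matching order.
        // NOTE(review): this is still a string-built statement. Article::message()
        // receives finished SQL here and its implementation is not visible in this
        // excerpt; the durable fix is to have it take the values separately and
        // bind them in a prepared statement.
        $sql = "INSERT INTO messages (username,email,phoneno,subject,messages)\n VALUES ('{$fname}','{$email}','{$phoneno}','{$subject}','{$message}')";

        $article = new Article();
        $result = $article->message($sql);

        if (!empty($result)) {
            // Store the flash message before emitting the redirect header.
            // NOTE(review): execution continues after header(); confirm nothing
            // else runs or prints for this request, or end the request here.
            $_SESSION['success'] = "the message has been sent";
            header('Location: index.php?action=newpost');
        } else {
            $_SESSION['error'] = "There was an error while sending the message";
        }
    }
}
// The six closing braces below end blocks opened before this excerpt; kept as found.
} } } } } }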