Hi Ethan, Here are some things to clean up your code:
Your line: $phn = $_POST[phone]; should use quotations as follows: $phn = $_POST['phone']; Your line: $sql1 ='select Lname, Fname from Customers where Phone = $Phn '; Should use double quotes if you need the variable to be interpreted: $sql1 ="select Lname, Fname from Customers where Phone = $Phn "; Lastly, as people have mentioned PDO is probably the best way to go. Try connecting to your database with PDO. Look on Google for "PDO prepared statements" and use those instead of the mysql escape string method. Hope this helps, -Kevin Sent from Yahoo Mail on Android
