Hi there,

I wonder if someone could check my code for inserting contact details into MySQL database on my website. It's the security/validation that I need checking as I know the insert code works:

PHP Code:
<?php
$con 
mysql_connect("XXX.mysql","XXX","XXX");
if (!
$con)
  {
  die(
'Could not connect: ' mysql_error());
  }

mysql_select_db("XXX"$con);

$number mysql_real_escape_string(preg_replace('/[^0-9]/'''$_POST['number']));

$realname mysql_real_escape_string($_POST['realname']);

$sql="INSERT INTO Enquiries (Name, Number, Date)
VALUES
('
$realname','$number', CURDATE())";

if (!
mysql_query($sql,$con))
  {
  die(
'Error: ' mysql_error());
  }
echo 
"";

mysql_close($con)
?>
Thanks very much in advance for any input, it is much appreciated!

Kind regards, Mike