It looks as if you are trying to sanitise the user input on the forms to prevent them from being able to put anything other than a name in there.

You could try doing the sanitisatin in two stages

$city = strip_tags($_POST["city"]);
$city = htmlentities($_POST["city"]);

Another aproach would too to GET the value then sanitise

$city = $_POST['City'];
echo"$city"; //make sure we got it.
$city = strip_tags($city);
$city = htmlentities($city);

Mack.

yeah, but sorry, the problem is that its not getting through to the last section. If i:
$city = $_POST['City'];
echo"$city";
city is empty even before the sanitising. Its weird to me, it passes to the second php section, but not the third (final).
sorry, i lack the more advanced knowledge of php

make sure your on submit function is doing the right form. why not just validate and all in just one function anyways?

you are right, I did have is all in one form, but this is a project for degree, and supervisor noted that separating into different forms for customer experience sake and points from that should be done.. so the customer is not confused.

If I'm understanding correctly the php and the second form are on the same physical page? (If they're not see below my example.)

IOW:
form1.html POSTs to processform1.php and on the same page as processform1.php is the HTML for form2.html? If this is the case, then it's easy...

Pass the city information to the second form as a hidden input, so you can continue passing it to the 3rd form:

<input type="hidden" name="City" value="<? htmlentities(POST['City']); ?> />

##### @ ##### @ #####

If they're not on the same physical page, they're probably should IMO, or are going to need to be for an easy solution to this issue. (If I'm understanding correctly.) You could also solve the issue via cookie if they are required, or with a database, but you're really complicating a simple issue with that type of system and personally, I'd be tempted to put all the php processing and forms together on a single page, so you can easily pass values from one form to another via POST using hidden inputs.

<?php

if($_POST['form1_submitted']=="Yes") {

/* process form1 */

$show_html="The HTML for form2";

}

elseif($_POST['form2_submitted']=="Yes") {

/* process form2 */

$show_html="The HTML for form3";

}

elseif($_POST['form3_submitted']=="Yes") {

/* process form3 */

$show_html="The HTML for the thank you page";

}

else {
$show_html="The HTML for form1";
}

echo $show_html;

* You could even use includes for the HTML if you wanted to get tricky. ;)

<added>
In 'straight php' to build the HTML more efficiently, you would probably use something like:

$show_html="<form blah stuff>";
$show_html.="<input type=\"hidden\" name=\"City\" value=\"". htmlentities(POST['city'])."\" />";

OR

$show_html="<form blah stuff>";
$show_html.="<input type=\"hidden\" name=\"City\" value=\"". htmlentities($city)."\" />";

If you have already set $city from the POST.

** You could probably also play around with the order of the processing and do some error checking on each form, and if the checks don't work out (IOW there is an entry error) you could then redisplay the form they just submitted with the values they entered and a little coaching on what to do, so it is submitted correctly the next time.
</added>

I *often* forget closing quotes when posting here:

<input type="hidden" name="City" value="<? htmlentities(POST['City']); ?>" />

Sorry.

thanks a lot. I had to edit it though.. as follows:

<input type="hidden" name="City" value="<? $city = htmlentities(strip_tags($_POST['City'])); echo ($city); ?>" />
this is the only way after testing that it would work.
I had to echo within the hidden tag.
then in the final section for the mail() i had to repeat $city = $_POST['City']; code.
It now works as i desired.

THANK YOU :-)

I have another question:
Iv got a form, this form gets info from js() variable to.
Anyway, Ive seen that you can use ACTION= for posting into email, posting into http,
But can it be use to post directly into a php variable so that the form can be carried into my php mail function ?