rendered paste body$spath = $_POST['countryname'];
str_replace(" ", "", $spath);
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO country (name, `path`, code) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['countryname'], "text"),
GetSQLValueString($spath, "text"),
GetSQLValueString($_POST['flag'], "text"));