Registration form rubbish

Hello!

Sorry to bog you down with what will be such a simple problem for your experienced minds:

I am just knocking together a PHP registration form for users. I have managed to make a working login script and tried using that and some tutorials as a base for the registration:

[php]

<?php
include "connect.php";

// Form fields, taken from the request as submitted
$myID = $_POST['myID'];
$myName = $_POST['myName'];
$myEmail = $_POST['myEmail'];
$theirPassword = $_POST['theirPassword'];
$encrypt_theirPassword = md5($theirPassword);
$myAdd1 = $_POST['myAdd1'];
$myAdd2 = $_POST['myAdd2'];
$myTown = $_POST['myTown'];
$myPost = $_POST['myPost'];

// The values are interpolated straight into the SQL text
$sqlquery = "INSERT INTO Member (MemberID, Name, Email, Password, Address_line1, Address_line2, Address_town, Address_postcode)
    VALUES ('$myID','$myName', '$myEmail', '$encrypt_theirPassword', '$myAdd1', '$myAdd2', '$myTown', '$myPost')";

if (!mysql_query($sqlquery, $conn)) {
    die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($conn);
?>

[/php]

Am I missing something?

Well, you are missing security! There is no validation of the user input. If the user is inputting numbers, then make sure only numbers can be input; if the user is inputting letters, names, addresses etc., make sure to use mysql_real_escape_string() and strip_tags.
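The validation described in the reply above, as an added example that is not part of either post. It swaps in PDO prepared statements for mysql_real_escape_string() (the mysql_* extension was removed in PHP 7) and password_hash() for md5(). The function name validateRegistration, the in-memory SQLite database standing in for connect.php, the length limits and the sample input are all assumptions made for the example.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with in-memory SQLite
// stands in for the MySQL link from connect.php; length limits are illustrative.
function validateRegistration(array $in): array
{
    // Form fields can arrive as arrays; treat anything that is not a string as empty.
    $in = array_map(fn($v) => is_string($v) ? $v : '', $in);
    $errors = [];
    // MemberID is numeric: accept digits only.
    if (!ctype_digit($in['myID'] ?? '')) {
        $errors[] = 'myID must contain digits only';
    }
    if (filter_var($in['myEmail'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'myEmail is not a valid address';
    }
    if (strlen($in['theirPassword'] ?? '') < 8) {
        $errors[] = 'password must be at least 8 characters';
    }
    $clean = ['myID' => $in['myID'] ?? '', 'myEmail' => $in['myEmail'] ?? ''];
    // Free-text fields: strip markup, trim, and bound the length.
    foreach (['myName', 'myAdd1', 'myAdd2', 'myTown', 'myPost'] as $f) {
        $clean[$f] = trim(strip_tags($in[$f] ?? ''));
        if (strlen($clean[$f]) > 100) {
            $errors[] = "$f is too long";
        }
    }
    // Salted, adaptive hash in place of md5().
    $clean['hash'] = password_hash($in['theirPassword'] ?? '', PASSWORD_DEFAULT);
    return [$clean, $errors];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Member (MemberID INTEGER PRIMARY KEY, Name TEXT, Email TEXT,
    Password TEXT, Address_line1 TEXT, Address_line2 TEXT, Address_town TEXT, Address_postcode TEXT)');
// Constructed sample input standing in for $_POST; the name holds a quote and a tag.
$post = ['myID' => '42', 'myName' => "O'Brien <b>x</b>", 'myEmail' => 'ob@example.com',
    'theirPassword' => 'correct horse', 'myAdd1' => '1 High St', 'myAdd2' => '',
    'myTown' => 'Leeds', 'myPost' => 'LS1 1AA'];
[$c, $errors] = validateRegistration($post);
if ($errors) {
    exit(implode("\n", $errors) . "\n");
}
// Placeholders keep the values out of the SQL text, so the quote in the name is harmless.
$stmt = $pdo->prepare('INSERT INTO Member (MemberID, Name, Email, Password, Address_line1,
    Address_line2, Address_town, Address_postcode) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->execute([$c['myID'], $c['myName'], $c['myEmail'], $c['hash'],
    $c['myAdd1'], $c['myAdd2'], $c['myTown'], $c['myPost']]);
echo "1 record added\n";
```

At login, check the stored value with password_verify() rather than comparing hashes directly.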
