I am using the following code from a DMX tutorial to give users the opportunity to reset a password on my website. They enter thier email address to have the password sent to thier email account. However the message that tells the user that the password has been sent or is not in the database is always preceded by the code I have highlighted in BOLD and in red on the web page.

Does anyone know why this might be. I am thinking maybe something to do with the get_magic_quotes_gpc() but I am not sure!? Thanks....

<?php require_once('../Connections/connection_reg.php'); ?>
<?php
session_start();
$colname_rstUser = "";
$message = "";
if (isset($_POST['email'])) {
if ($_SESSION['valcode']==$_POST['valcode']) {
$colname_rstUser = (get_magic_quotes_gpc()) ? $_POST['email'] :
addslashes($_POST['email']);
mysql_select_db($database_connection_reg, $connection_reg);
$query_rstUser = sprintf("<b><font color=red>SELECT user_email, user_password FROM regtable1 WHERE user_email
='%s'</b></font id=red>", $colname_rstUser);
echo $query_rstUser;
$rstUser = mysql_query($query_rstUser, $connection_reg) or die(mysql_error());
$row_rstUser = mysql_fetch_assoc($rstUser);
$totalRows_rstUser = mysql_num_rows($rstUser);
if ($totalRows_rstUser &gt; 0) {
mail($row_rstUser['user_email'],"Your password","Your password is:
".$row_rstUser['user_password']);
$message = "Your password has been emailed to you";
} else {
$message = "Sorry, the email address you supplied is not in our database";
}
} else {
$message = "Sorry, but the validation code that you entered was incorrect";
}
}
$_SESSION['valcode'] = sprintf("%04d",mt_rand(1,9999));
?&gt;

%s - Convert the argument to a string and display it as a string.
This is in use in printf(), sprintf(), vprintf()