, Please 
0
$name = array('Name','name',NULL,NULL);
$email = array('Email','email',NULL,NULL,NULL);
$subject = array('Subject','subject',NULL,NULL);
$message = array('Message','message',NULL,NULL);
$security = array('Security question','security',NULL,NULL,NULL);
$yourusername = $membername;
$error_message = '';
if (!isset($_POST['submit'])) {
showForm();
} else { //form submitted
$error = 0;
if(!empty($_POST['check'])) die("Invalid form access");
if(!empty($_POST['name'])) {
$name[2] = clean_var($_POST['name']);
if (function_exists('htmlspecialchars')) $name[2] = htmlspecialchars($name[2], ENT_QUOTES);
}
else {
$error = 1;
$name[3] = 'color:#FF0000;';
}
if(!empty($_POST['email'])) {
$email[2] = clean_var($_POST['email']);
if (!validEmail($email[2])) {
$error = 1;
$email[3] = 'color:#FF0000;';
$email[4] = '<strong><span style="color:#FF0000;">Invalid email</span></strong>';
}
}
else {
$error = 1;
$email[3] = 'color:#FF0000;';
}
if(!empty($_POST['subject'])) {
$subject[2] = clean_var($_POST['subject']);
if (function_exists('htmlspecialchars')) $subject[2] = htmlspecialchars($subject[2], ENT_QUOTES);
}
else {
$error = 1;
$subject[3] = 'color:#FF0000;';
}
if(!empty($_POST['message'])) {
$message[2] = clean_var($_POST['message']);
if (function_exists('htmlspecialchars')) $message[2] = htmlspecialchars($message[2], ENT_QUOTES);
}
else {
$error = 1;
$message[3] = 'color:#FF0000;';
}
if(empty($_POST['security'])) {
$error = 1;
$security[3] = 'color:#FF0000;';
} else {
if($question_answers[$_POST['question']] != strtolower(clean_var($_POST['security']))) {
$error = 1;
$security[3] = 'color:#FF0000;';
$security[4] = '<strong><span style="color:#FF0000;">Wrong answer</span></strong>';
}
}
if ($error == 1) {
$error_message = '<span style="font-weight:bold;font-size:90%;">Please correct/enter field(s) in red.</span>';
showForm();
} else {
if (function_exists('htmlspecialchars_decode')) $name[2] = htmlspecialchars_decode($name[2], ENT_QUOTES);
if (function_exists('htmlspecialchars_decode')) $subject[2] = htmlspecialchars_decode($subject[2], ENT_QUOTES);
if (function_exists('htmlspecialchars_decode')) $message[2] = htmlspecialchars_decode($message[2], ENT_QUOTES);
$message = "Username:$membername\r\nPoints:$memberpoints\r\nName:$name[2]\r\nEmail:$email[2]\r\n\r\nMessage:\r\n$message[2]\r\n";
if (!$from) $from_value = $email[2];
else $from_value = $from;
$headers = "From: $from_value" . "\r\n" . "Reply-To: $email[2]";
mail($to,"$subject_prefix - $subject[2]", $message, $headers);
if (!$thank_you_url) {
echo $GLOBALS['thank_you_message'];
echo "\n";
}
else {
header("Location: $thank_you_url");
}
}
} //else submitted
function showForm()
{
global $name, $email, $subject, $pointsneeded, $message, $security, $question_answers, $form_width, $form_background, $form_border, $form_border_style;
$question = array_rand($question_answers);
echo $GLOBALS['error_message'];
if ($pointsneeded<=0){
echo <<<EOD
<div style="width:{$form_width};vertical-align:top;text-align:left;background-color:{$form_background};border: 1px {$form_border} {$form_border_style};overflow:visible;" id="formContainer">
<form method="post" class="contactForm">
<fieldset style="border:none;">
<p><label for="{$name[1]}" style="font-weight:bold;{$name[3]};width:25%;float:left;display:block;">{$name[0]}</label> <input type="text" name="{$name[1]}" value="{$name[2]}" /></p>
<p><label for="{$email[1]}" style="font-weight:bold;{$email[3]}width:25%;float:left;display:block;">{$email[0]}</label> <input type="text" name="{$email[1]}" value="{$email[2]}" /> {$email[4]}</p>
<p><label for="{$subject[1]}" style="font-weight:bold;{$subject[3]}width:25%;float:left;display:block;">{$subject[0]}</label> <input type="text" name="{$subject[1]}" value="{$subject[2]}" /></p>
<p><label for="{$message[1]}" style="font-weight:bold;{$message[3]}width:25%;float:left;display:block;">{$message[0]}</label> <textarea name="{$message[1]}" cols="40" rows="6">{$message[2]}</textarea></p>
<p><label for="{$security[1]}" style="font-weight:bold;{$security[3]}width:25%;float:left;display:block;">{$question}?</label> <input type="text" name="{$security[1]}" value="" size="10" /> {$security[4]}</p>
<div style="margin-left:25%;display:block;font-size:90%;">We are sorry but please answer the above question to prove you are a real visitor and not a spam bot.</div>
<p><span style="font-weight:bold;font-size:90%;">All fields are required.</span></p>
<input type="hidden" name="question" value="{$question}">
<input type="hidden" name="check" value="">
<input type="submit" name="submit" value="Submit" style="border:1px solid #999;background:#E4E4E4;margin-top:5px;" />
</fieldset>
</form>
</div>
that's the unedited script, let's look at this part:
<p><label for="{$message[1]}" style="font-weight:bold;{$message[3]}width:25%;float:left;display:block;">{$message[0]}</label> <textarea name="{$message[1]}" cols="40" rows="6">{$message[2]}</textarea></p>
here it is after I edit it:
<p><label for="{$message[1]}" style="font-weight:bold;{$message[3]}width:25%;float:left;display:block;">{$message[0]}</label> <textarea name="{$message[1]}" cols="40" rows="6">{$_GET[ 'prize' ]}</textarea></p>
The reason I changed it is because I want it so when the url is like ?prize=anythinghere then the box will have anythinghere already filled in.
When i do it that way it works like a charm! but with one problem.
When I try to Submit the form it comes back, and the form turns red as if there was an error of some kind.
so to break it down, $_GET[ 'prize' ] works in doing what I want it to, but in order for the form to submit I need the $message[2] and i'm a bit novice with PHP so idk how to achieve this.
the correct code is 
