Untitled

<form action="query.php" method="post" />
Query<br><textarea cols="30" rows="8" name="sqlquery"></textarea><br>
Password<br><input type="password" name="userpass" /><br>
<input type="submit" />
</form>

<?php
$query = " " .  $_POST['sqlquery'] . " "pas;
$userpass = $_POST['userpass'];
$mysql_host = "*******";
$mysql_database = "*******";
$mysql_user = "*******";
$mysql_password = "*******";
$con = mysql_connect($mysql_host, $mysql_user, $mysql_password);
mysql_select_db ($mysql_database, $con);
        $result = mysql_query($query);
if ($userpass == '*******')
{
echo "<table border='1'>";
echo "<tr><th>First</th><th>Last</th><th>Email</th></tr>";
while($row = mysql_fetch_array($result))
  {
  echo "<tr><td>";
  echo $row['firstName'];
  echo "</td> <td> ";
  echo $row['lastName'];
  echo "</td><td>";
  echo $row['emailAddr'];
  echo "</td></tr>";
  }
echo "</table>";
echo "<br>" . $result;
mysql_close($con);
}

?>