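// Form-handler preamble: derives the country's path value from the submitted
// name, builds the form's self-referencing action URL, and, when the insert
// form ("form1") was posted, prepares the INSERT for the `country` table.

// Read the field defensively so a request without it (e.g. the initial GET)
// does not raise an undefined-index notice.
$spath = isset($_POST['countryname']) ? $_POST['countryname'] : '';
// str_replace() returns its result instead of editing in place; the return
// value was previously discarded, so spaces were never stripped from the path.
$spath = str_replace(" ", "", $spath);
// NOTE(review): apart from spaces, $spath is still raw client input. Its later
// use is not visible here; if it ends up in a filesystem path or URL, restrict
// it to an allow-list of characters before use. TODO confirm against callers.

// PHP_SELF contains any client-supplied trailing path info, so it is encoded
// like the query string below before being placed in markup.
// NOTE(review): assumes $editFormAction is echoed into an HTML attribute and
// not escaped again at the point of output. TODO confirm.
$editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES);
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    // NOTE(review): the statement is assembled as a string, so its safety rests
    // entirely on GetSQLValueString() (defined elsewhere) escaping and quoting
    // each value for the active connection. Verify that helper, or move this
    // insert to a prepared statement with bound parameters.
    $insertSQL = sprintf(
        "INSERT INTO country (name, `path`, code) VALUES (%s, %s, %s)",
        GetSQLValueString($_POST['countryname'], "text"),
        GetSQLValueString($spath, "text"),
        GetSQLValueString($_POST['flag'], "text")
    );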