That's an absolutely horrifying piece of PHP code. For your own safety and the safety of others: please don't ever use that code.
It has many vulnerabilities: it uses the mysql library, which has been obsolete for years. It was first superseded by mysqli, and now by PDO.
On top of that, you are inserting text from the request directly into the query. It should be escaped to prevent SQL injection. Also, you should be using prepared statements instead of string concatenation.
Take a look at how it's done here.
Pieter