I always appreciate it when somebody takes the time and trouble to share their work. This is to be encouraged. It's with great reluctance then, that I am critical of this script.
However, it has to be said - THIS SCRIPT IS DANGEROUS.
The absence of even the most basic input validation and the use of the GET method for passing parameters means that any server running it would be wide open not just to attacks against the site itself, but also to cross site scripting attacks against visitors.