PHP select from list display results

Your post variables may not be set:

You assume $_POST['id'] and $_POST['title'] are always set. Also you place unsanitized post data in a mysql query. I can't see which form element relates to $_POST['title'] - there should be an element with name="title".

if ($_POST['id']=="") { 
    $NEW = $_POST['TITLE'];
}else{
    $NEW = $_POST['id'];
}
$result = mysql_query("SELECT * FROM logins WHERE Title='$NEW'");

If the form is sent, $_POST['id'] should always contain a value. I'm a little confused as to the naming of your vars - 'id' suggests and integer value, e.g. an autoincremented primary key (not always the case though) and 'title' suggests a string of some description.

Maybe something like this?

if(isset($_POST['id'])){

    $title = mysql_real_escape_string($_POST['id']);

    $result = mysql_query("SELECT * FROM logins WHERE Title='$title'");
    while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) {
        print "\n<b>".$row{'TitleName'}."</b><ol style=\"margin-top: 0in; margin-bottom: 0in\" type=\"circle\">";
        print "\n<li>Website: <a href=\"".$row['Website']."\" target=\"_blank\">".$row['Website']."</a></li>";
        print "\n<li>Website2: <a href=\"".$row['Website2']."\" target=\"_blank\">".$row['Website2']."</a></li>";
        print "\n<li>UserEmail: ".$row['UserEmail']."</li>";
        print "\n<li>User: ".$row['User']."</li>";
        print "\n<li>Pass: ".$row['Pass']."</li>";
        print "\n<li>Notes: ".$row['Notes']."</li>";
        print "\n</ol>
    }    
}

You should also be aware that mysql_* functions are approaching the end of the road. Consider moving to mysqli_* or PDO. In addition, consider placing inline styling to a CSS file or to a style tag at the very least.

The if(isset($_POST['id'])) piece of code fixed my problem! Thank you very much!

'id' was just the select name I chose for my drop down box. And 'Title' was an abbreviated version of the full name that I had used as the primary key, altho if I were to do this again today I would prefer to use a unique auto gen number.

I'm not sure I understand the "posting unsanitized data" remark. I pulled from MySql to generate a drop-down list and selected/filtered my query based on that.

This code was written by me over 6 years ago and it grew like patchwork with a lot of copy and pasting. I had written an UPDATE, ADD NEW, and DELETE page to go with this lookup page. Apparently something changed with the new itterations of PHP / MySql which broke my code.It was designed to be a simple database to keep track of login, username and passwords with links to the accompanying pages. Other pages in my site would have instructions on what to do once at the page. Style and formatting were never a real concern altho I will research further into what you mean by PDO and the mysqli_* functions. My best bet may be to start from scratch and recreate the 4 pages, because the other three are broken as well.

Do you have any links or directions you can point me in to create a more clean / current code version of what I am trying to accomplish here? Thanks again.

I'm not sure I understand the "posting unsanitized data" remark.

This means you did not sanitize the $_POST variable before inserting it into your SQL query. This means you could be vulnerable to SQL injections. Pretty serious.

So, if you mean to keep using mysql_* functions for the time being, treat all input as suspicious and use mysql_real_escape_string() on all expected strings and intval() on all expected integers. ALternatively, you can use the built-in sanitize and filter functions:

http://php.net/manual/en/filter.filters.sanitize.php
http://www.php.net/manual/en/filter.filters.validate.php

However, mysql_* are to be deprecated soon, so you should think about moving on to using mysqli_* or PDO. Using parameterized queries can help reduce the risk of injection.