Passing 2 variables across error

I have created this script that is supposed to limit the selections on the results page but it isn’t working correctly.

Now if I use the code below and delete the year section it works fine and if i remove the name section it works fine, but as soon as I put the 2 together it fails, does anyone know why?


<?php include("database.php");

$query = ("SELECT name, year FROM company ;");


$result = mysql_query($query) or die("Query Failed: " . mysql_error());

$num_rows = mysql_num_rows($result);

?>


<form action="team-selection.php" method="get" class="forms">
<select name="name">
<?php

if(mysql_num_rows($result)==0){
}else{
while($row=mysql_fetch_array($result)){
?>
<option value="<?php echo($row['name']); ?>"><?php echo($row['name']); 
?> </option>

<?php
}
}
?>
</select>

<select name="year">
<option value="2009">2009</option>
<option value="2010">2010</option>
</select>
<input type="submit" class="submit">

Results page

&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /&gt;
&lt;title&gt;Untitled Document&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;


&lt;?php include("database.php");?&gt;

&lt;?php

if (isset($_GET['name']))
{$name = $_GET['name'];}
elseif (isset($_GET['year']))
{$year = $_GET['year'];}

$query = ("SELECT * FROM `all-data` JOIN `company` ON `HT` = '$name' AND `name` = '$name' OR `AT` = '$name' AND `name` = '$name' WHERE year = '$year' ORDER BY date ASC ;");


$result = mysql_query($query) or die("Query Failed: " . mysql_error());

$num_rows = mysql_num_rows($result);

if ($num_rows == 1)

{echo "Currently there is $num_rows result in the sales contact table";}

else

{echo "Currently there are $num_rows results in the sales contact table";}



echo '&lt;table class="sortable"&gt;';

echo '&lt;tr&gt;&lt;th&gt;date&lt;/th&gt;&lt;th&gt;HT&lt;/th&gt;&lt;th&gt;AT&lt;/th&gt;&lt;th&gt;FTHG&lt;/th&gt;&lt;th&gt;FTAG&lt;/th&gt;&lt;/tr&gt;';



$color1 = "#ffffff"; 

$color2 = "#ebeced"; 

$row_count = 0;



while($row = mysql_fetch_assoc($result))

{

$row_color = ($row_count % 2) ? $color1 : $color2;

echo '&lt;tr bgcolor="' . $row_color . '"&gt;';

echo '&lt;td&gt;' . $row['Date'] . '&lt;/td&gt;'; 

echo '&lt;td&gt;' . $row['HT'] . '&lt;/td&gt;';

echo '&lt;td&gt;' . $row['AT'] . '&lt;/td&gt;';

echo '&lt;td&gt;' . $row['FTHG'] . '&lt;/td&gt;';

echo '&lt;td&gt;' . $row['ATHG'] . '&lt;/td&gt;';

echo '&lt;/tr&gt;';

$row_count ++;

}

echo '&lt;/table&gt;';

?&gt;


&lt;/body&gt;
&lt;/html&gt;

both year and name must always be set, yes? Otherwise abort?


if( !isset($_GET['name'] || !isset($_GET['year'] ) ) {
// abort early
// redirect back to form?

}

// from now on you know they are set
// you could now check they are valid values ... but at least
// ESCAPE THEM ready for the next environment (mysql)
$name = mysql_real_escape_string($_GET['name']);
$year = mysql_real_escape_string($_GET['year']);