$OUT = '';
foreach ($postData as $k => $v) {
// Do not add 'force' !
- if ($k != "force") {
- $OUT .= "<input type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\" />\n";
- }
- }
+ if ($k != 'force') {
+ $OUT .= "<input type=\"hidden\" name=\"" . SQL_ESCAPE($k) . "\" value=\"" . SQL_ESCAPE($v) . "\" />\n";
+ } // END - if
+ } // END - foreach
+
+ // Remember data
$content['hidden'] = $OUT;
$content['email'] = $postData['email'];