// Save sponsor?
if ($SAVE === true) {
// Default is no force even when a guest want to abuse this force switch
- if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = 0;
+ if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';
// SQL and message string is empty by default
$sql = ''; $message = '';
// Generate message
$message = getMessageFromIndexedArray(getMessage('ADMIN_SPONSOR_UPDATED'), 'updated', $messageArray);
$ret = "updated";
- } elseif (($ALREADY === false) || (($postData['force'] == '1') && (isAdmin()))) {
+ } elseif (($ALREADY === false) || (($postData['force'] == 1) && (isAdmin()))) {
// Add new sponsor, first add more data
$DATA['keys'][] = 'sponsor_created'; $DATA['values'][] = time();
$DATA['keys'][] = 'status';
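Review bot: The new `elseif` compares `$postData['force'] == 1` loosely against an integer, while the default set earlier in this commit is the string `'0'`, so the two changes move the type in opposite directions. A loose comparison accepts every value PHP coerces to 1, not just the literal form value. The `isAdmin()` gate limits the impact, but if form values always arrive as strings, which is not visible from here, a strict check states the intent exactly: `} elseif (($ALREADY === false) || (($postData['force'] === '1') && (isAdmin()))) {`. The branch body continues outside this hunk.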
$OUT = '';
foreach ($postData as $k => $v) {
// Do not add 'force' !
- if ($k != "force") {
- $OUT .= "<input type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\" />\n";
- }
- }
+ if ($k != 'force') {
+ $OUT .= "<input type=\"hidden\" name=\"" . SQL_ESCAPE($k) . "\" value=\"" . SQL_ESCAPE($v) . "\" />\n";
+ } // END - if
+ } // END - foreach
+
+ // Remember data
$content['hidden'] = $OUT;
$content['email'] = $postData['email'];
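Review bot: `SQL_ESCAPE()` on the new `$OUT .=` line is the wrong encoder for this sink, because the string built here is HTML stored in `$content['hidden']`, not a query. Judging by its name the helper does SQL escaping, which does not encode `"`, `<`, `>` or `&` for an attribute context, so a posted key or value containing a double quote still terminates `name="…"` or `value="…"` and is rendered as markup. It would presumably also add backslashes that get re-posted with the hidden fields, altering the data on the next submit. Both operands should be HTML-attribute encoded instead: `$OUT .= "<input type=\"hidden\" name=\"" . htmlspecialchars($k, ENT_QUOTES) . "\" value=\"" . htmlspecialchars($v, ENT_QUOTES) . "\" />\n";`. The enclosing block starts and ends outside this hunk, so whether `$postData` was already encoded upstream cannot be confirmed from here.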