// Save sponsor?
if ($SAVE === true) {
// Default is no force even when a guest want to abuse this force switch
- if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = 0;
+ if ((empty($postData['force'])) || (!isAdmin())) $postData['force'] = '0';
// SQL and message string is empty by default
$sql = ''; $message = '';
$OUT = '';
foreach ($postData as $k => $v) {
// Do not add 'force' !
- if ($k != "force") {
- $OUT .= "<input type=\"hidden\" name=\"".$k."\" value=\"".stripslashes($v)."\" />\n";
- }
- }
+ if ($k != 'force') {
+ $OUT .= "<input type=\"hidden\" name=\"" . SQL_ESCAPE($k) . "\" value=\"" . SQL_ESCAPE($v) . "\" />\n";
+ } // END - if
+ } // END - foreach
+
+ // Remember data
$content['hidden'] = $OUT;
$content['email'] = $postData['email'];
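Review bot: The added `$OUT .= ...` line escapes `$k` and `$v` with `SQL_ESCAPE()`, but both are written into HTML attributes, so the escaping does not match the output context. Assuming `SQL_ESCAPE()` does database-style backslash escaping as its name suggests, a `"` in a posted key or value still ends the attribute, because HTML does not treat a backslash as an escape character. The added backslashes would also change the data when the hidden fields are re-submitted. Escape for HTML instead: `$OUT .= "<input type=\"hidden\" name=\"" . htmlspecialchars($k, ENT_QUOTES) . "\" value=\"" . htmlspecialchars($v, ENT_QUOTES) . "\" />\n";`. The enclosing `if ($SAVE === true)` block continues outside the hunk, so I could not check how `$content['hidden']` and `$content['email']` are rendered later.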