See your code...
Code:
$name = $_POST['sitename'];
$url = $_POST['siteurl'];
$desc = $_POST['sitedesc'];
$cat = $_POST['sitecat'];
$lang = $_POST['sitelang'];

function sqlclean($string)
{
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}

sqlclean($name);
sqlclean($siteurl);
sqlclean($sitedesc);
sqlclean($sitecat);
sqlclean($sitelang);
Let's pretend you store what the function returns back in the variable. You moved the post data into $name, $url, $desc, $cat, and $lang. But then called the function on $name, $siteurl, $sitedesc, $sitecat, and $sitelang...
So for the last four, your variables are all confused. I was just pointing out that it'd be hard to tell what you cleaned and what you didn't. Depending on the PHP configuration, the $_POST data may not automatically be stored in variable names. So since you stored $_POST["siteurl"] in $url, and then cleaned $siteurl, you ran the function on a variable that didn't exist yet, so it had no value when the function was called.
So later on when you try to use those variables you don't know what's what... The code I posted above would eliminate that confusion.
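The following is an added example, not part of the original post or the thread's code. It shows one way to avoid both problems discussed above (a second set of variable names, and a cleaning function whose return value is discarded) by keeping the five fields in one array and binding them as query parameters with PDO. The table name `sites`, its column names, the in-memory SQLite database and the sample input are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Form fields the original snippet reads from $_POST.
const FIELDS = ['sitename', 'siteurl', 'sitedesc', 'sitecat', 'sitelang'];

/**
 * Copy the expected fields into one array keyed by the form field name,
 * so each value exists exactly once and there is no second set of variable
 * names to mix up. Missing or non-string fields are rejected.
 */
function collectFields(array $post): array
{
    $site = [];
    foreach (FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $site[$field] = trim($post[$field]);
    }
    return $site;
}

function insertSite(PDO $db, array $site): void
{
    // Values are bound to named placeholders, never concatenated into the SQL,
    // so there is no escaping step whose return value could be dropped.
    $stmt = $db->prepare(
        'INSERT INTO sites (name, url, description, category, language)
         VALUES (:sitename, :siteurl, :sitedesc, :sitecat, :sitelang)'
    );
    $stmt->execute($site); // array keys match the placeholder names
}

// Constructed sample input standing in for $_POST (contains quote characters).
$post = [
    'sitename' => "Bob's links", 'siteurl' => 'https://example.com/',
    'sitedesc' => "Don't miss it", 'sitecat' => 'misc', 'sitelang' => 'en',
];

// Hypothetical schema in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (name TEXT, url TEXT, description TEXT, category TEXT, language TEXT)');

insertSite($db, collectFields($post));
print_r($db->query('SELECT name, description FROM sites')->fetchAll(PDO::FETCH_ASSOC));
```

The stored rows contain the quote characters unchanged, since bound parameters are sent as data rather than parsed as SQL.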