this is a variation of what I use in some other scripts which I just put into this one:
Code:
foreach($_POST as $varName => $value)
{
$dv=$value;
if (get_magic_quotes_gpc()) { $$varName = stripslashes($dv); }
if (!is_numeric($value)) { $$varName = mysql_real_escape_string($dv); }
};
foreach($_GET as $varName => $value)
{
$dv=$value;
if (get_magic_quotes_gpc()) { $$varName = stripslashes($dv); }
if (!is_numeric($value)) { $$varName = mysql_real_escape_string($dv); }
};