Untitled

<?PHP
$hostname = "websqurl.db.8248509.hostedresource.com";
$database = "websqurl";
$username = "websqurl";
$password = "Sicm1149!";
$connection = mysql_connect($hostname, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR);

function sanitize($value, $type)
{
  $value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

  switch ($type) {
    case "text":
      $value = ($value != "") ? "'" . $value . "'" : "NULL";
      break;
    case "long":
    case "int":
      $value = ($value != "") ? intval($value) : "NULL";
      break;
    case "double":
      $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
      break;
    case "date":
      $value = ($value != "") ? "'" . $value . "'" : "NULL";
      break;
  }

  return $value;
}

//include the connection file

require_once('websqurlsubmission.php');

//save the data on the DB and send the email

if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
    //recieve the variables

    $name = $_POST['name'];
    $email = $_POST['email'];
    $sitename = $_POST['sitename'];
    $url = $_POST['url'];
    $cat = $_POST['category'];
    $subcat = $_POST['subcategory'];
}

//save the data on the DB

mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO websqurlsubmit (name, email, sitename, url, category, subcategory) VALUES (%s, %s, %s, %s, %s, %s)",
                        sanitize($name, "text"),
                        sanitize($email, "text"),
                        sanitize($sitename, "text"),
                        sanitize($url, "text"),
                        sanitize($cat, "text"),
                        sanitize($subcat, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

//form validation

/*
 *  Specify the field names that are in the form. This is meant
 *  for security so that someone can't send whatever they want
 *  to the form.
 */
$allowedFields = array(
    'name',
    'email',
    'sitename',
    'url',
    'category',
    'subcategory',
);

// Specify the field names that you want to require...
$requiredFields = array(
    'email',
    'sitename',
    'url',
    'category',
);

// Loop through the $_POST array, which comes from the form...
$errors = array();
foreach($_POST AS $key => $value)
{
    // first need to make sure this is an allowed field
    if(in_array($key, $allowedFields))
    {
        $$key = $value;

        // is this a required field?
        if(in_array($key, $requiredFields) && $value == '')
        {
            $errors[] = "The field $key is required.";
        }
    }
}

// were there any errors?
if(count($errors) > 0)
{
    $errorString = '<p>There was an error processing the form.</p>';
    $errorString .= '<ul>';
    foreach($errors as $error)
    {
        $errorString .= "<li>$error</li>";
    }
    $errorString .= '</ul>';

    // display the previous form
    include 'index.php';
}
else
{
    // At this point you can send out an email or do whatever you want
    // with the data...

    // each allowed form field name is now a php variable that you can access

    // display the thank you page
    header("Location: thankyou.html");
}

?>