HTML Purifier XSS doesn't work

HTML Purifier XSS doesn't work

I have created a game called Staroids
I just want to allow the user to enter plain text as the name.
I have created validation client side (in JavaScript), but my friend who
knows a lot of XSS managed to hack into the leaderboard within a few
minutes and told me to look at HTML Purify to make it more secure.
I have read through installation process and have done what it says, but
when I now run the game then submit the score it empties the name field
and submits a blank name.
Here is my php code:
<?php
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
$seconds = $_POST['seconds'];
$kills = $_POST['kills'];
$deaths = $_POST['deaths'];
$wave = $_POST['wave'];
$score = $_POST['score'];
$name = mysql_real_escape_string($_POST['name']);
$hash = $_POST['hash'];
$date = $_POST['date'];
$time = $_POST['time'];
$timezone = $_POST['timezone'];
$userdata = $_POST['userdata'];
$display = $_POST['display'];
mysql_connect("localhost", "root", "password");
mysql_select_db("staroids");
mysql_query("INSERT INTO scores (seconds, kills, deaths, wave, score,
name, hash, date, time, timezone, userdata, display) VALUES
('$seconds', '$kills', '$deaths', '$wave', '$score', '$name', '$hash',
'$date', '$time', '$timezone', '$userdata', '$display')");
mysql_close($connect);
?>
I am grabbing the name variable from the html page and and this is what I
wanted to validate / purify to stop users using XSS to hack into the
leaderboard.