Smart MySQL Escape Function

This function first checks whether PHP is set to automatically quote incoming data (magic quotes, `magic_quotes_gpc`). If it is, the automatically added slashes are stripped first; then, assuming the text isn't numeric, the value is escaped with `mysql_real_escape_string()`.

There is a good bit of room for improvement here, but at the very least you should run every value through this before inserting it into your database.

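	// Escape a string for database input, undoing magic quotes first if they are enabled
	function escapeit ( $text ) {
		// magic_quotes_gpc has already added slashes; strip them to avoid double escaping
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}
		// numeric values are returned unchanged; everything else is escaped.
		// mysql_real_escape_string() does not add the surrounding quotes itself
		if ( !is_numeric($text) ) {
			$text = mysql_real_escape_string($text);
		}
		return $text;
	}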
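
As an added example (not the original author's code), here is the same goal reached with bound parameters through PDO rather than manual escaping; `mysql_real_escape_string()` and `get_magic_quotes_gpc()` were removed in PHP 7.0 and 8.0 respectively, so `escapeit()` cannot run on current PHP. It assumes `pdo_sqlite` and an in-memory SQLite database so that it runs without a server; the `comments` table, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: bound parameters through PDO instead of manual escaping.
// Assumption: pdo_sqlite is loaded; an in-memory SQLite database stands in for
// MySQL so this runs without a server. For MySQL only the DSN passed to PDO changes.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions on SQL errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    return $pdo;
}

function save_comment(PDO $pdo, string $author, string $body): int {
    // Placeholders keep the data out of the SQL text, so there is nothing to
    // escape and no is_numeric() special case.
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): array {
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Constructed sample inputs: quotes, a backslash, a newline, and the
// numeric-looking strings that escapeit() would pass through untouched.
$samples = [
    ["O'Reilly", "It's a \"quoted\" value"],
    ['back\\slash', "line1\nline2"],
    ['12345', '1e3'],
];

$pdo = open_db();
foreach ($samples as [$author, $body]) {
    $id  = save_comment($pdo, $author, $body);
    $row = load_comment($pdo, $id);
    // Each value must come back byte for byte identical to what was submitted.
    $ok = (($row['author'] ?? null) === $author && ($row['body'] ?? null) === $body);
    printf("%-14s %s\n", json_encode($author), $ok ? 'round-trips unchanged' : 'MISMATCH');
}
```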
