Smart MySQL Escape Function

This function first checks whether PHP is configured to quote incoming data automatically (magic quotes). If it is, the pre-added slashes are stripped first; then, unless the text is numeric, the value is escaped with mysql_real_escape_string().

There is a good bit of room for improvement here, but at the very least you should run input through this before inserting anything into your database.

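	// Escape a string for database input, undoing magic quotes first if they are enabled
	function escapeit ( $text ) {
		// Magic quotes already added slashes; strip them so the value is not escaped twice
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}
		// Numeric values are returned unchanged; everything else is escaped
		if ( !is_numeric($text) ) {
			$text = mysql_real_escape_string($text);
		}
		return $text;
	}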
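
The same goal on current PHP, as an added example that is not part of the original snippet: `mysql_real_escape_string()` was removed in PHP 7.0 and `get_magic_quotes_gpc()` in PHP 8.0, so values are passed as bound PDO parameters instead of being escaped into the SQL string. The `comments` table, its columns and the `add_comment()` helper are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline (this assumes the pdo_sqlite extension is loaded).

```php
<?php
// Added example, not from the original snippet. Table, columns and helper
// name are hypothetical. SQLite in memory stands in for MySQL; for MySQL only
// the DSN changes (a 'mysql:host=...;dbname=...;charset=utf8mb4' style DSN).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, rating INTEGER)');

// Insert one row. Values travel as bound parameters, never as SQL text,
// so no escaping function is involved at all.
function add_comment(PDO $pdo, string $author, $rating): int {
    // Validate the numeric field explicitly instead of relying on
    // is_numeric(), which also accepts forms such as "1e3" or "1.5".
    $rating = filter_var($rating, FILTER_VALIDATE_INT);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO comments (author, rating) VALUES (:author, :rating)'
    );
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed sample input containing quotes and SQL metacharacters.
$id = add_comment($pdo, "O'Brien; -- \"quoted\"", '5');

// Read the row back, again with a bound parameter.
$stmt = $pdo->prepare('SELECT author, rating FROM comments WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo $row['author'], ' / ', $row['rating'], PHP_EOL;

// A non-integer rating is rejected before any SQL is prepared.
try {
    add_comment($pdo, 'someone', '1e3');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The author string is stored byte for byte as supplied, which is the outcome `escapeit()` aims for without depending on every call site remembering to escape and quote.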
