Smart MySQL Escape Function

This function first checks whether PHP is set to automatically quote incoming data (magic quotes). If it is, we first strip the slashes PHP added; then, assuming our text isn't numeric, we escape it with mysql_real_escape_string().

There is a good bit of room for improvement here, but at the very least, you should run input through this before inserting anything into your database.


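	// check to see if a string needs to be escaped for database input
	function escapeit ( $text ) {

		// magic quotes already added slashes to request data; remove them
		// so the value is not escaped twice
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}

		// numeric values are returned unchanged; everything else is escaped
		// using the current MySQL connection
		if ( !is_numeric($text) ) {
			$text = mysql_real_escape_string($text);
		}

		// the result is escaped but not quoted: the caller still has to put
		// it inside quotes in the SQL statement
		return $text;

	}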
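
The same goal on current PHP, where `get_magic_quotes_gpc()` and `mysql_real_escape_string()` no longer exist: an added example, not part of the original snippet, that binds values as parameters instead of escaping them and validates the numeric field explicitly rather than passing it through. The in-memory SQLite database, the `users` table and the sample inputs are assumptions made so it runs offline.

```php
<?php
// Added example: bound parameters instead of manual escaping.
// Assumptions: PDO with the pdo_sqlite driver; the in-memory database and the
// "users" table are stand-ins. For MySQL, swap in a "mysql:" DSN with
// charset=utf8mb4 and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');

// Constructed sample inputs: a single quote, a backslash, double quotes,
// and an "age" that only starts out numeric.
$rows = [
    ["O'Reilly", '42'],
    ['back\\slash', '7'],
    ['Robert "Bob"', '30 years'],
];

$insert = $pdo->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
foreach ($rows as [$name, $age]) {
    // Numeric fields are validated and range-checked, not passed through.
    $ageInt = filter_var($age, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 150],
    ]);
    if ($ageInt === false) {
        echo "rejected age for {$name}\n";
        continue;
    }
    // Values travel separately from the SQL text, so no escaping is needed
    // and quotes or backslashes are stored exactly as given.
    $insert->bindValue(':name', $name, PDO::PARAM_STR);
    $insert->bindValue(':age', $ageInt, PDO::PARAM_INT);
    $insert->execute();
}

// The same rule applies when reading: the value is bound, never concatenated.
$select = $pdo->prepare('SELECT name, age FROM users WHERE age = :age');
$select->bindValue(':age', 42, PDO::PARAM_INT);
$select->execute();
var_dump($select->fetchAll(PDO::FETCH_ASSOC));
```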