
Smart MySQL Escape Function

This function first checks whether PHP is set to quote incoming data automatically (magic quotes). If it is, the function strips the slashes PHP already added; then, unless the text is numeric, it escapes the text with mysql_real_escape_string().

There is a good bit of room for improvement here, but at the very least you should run your input through this before inserting anything into your database.

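	// Check whether a string needs to be escaped for database input.
	function escapeit ( $text ) {
		// If magic quotes are on, PHP has already added slashes; strip them first.
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}
		// Numeric values are returned unchanged; everything else is escaped.
		if ( !is_numeric($text) ) {
			$text = mysql_real_escape_string($text);
		}
		return $text;
	}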
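
An added example, not part of the original snippet: the mysql_* extension was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so on current PHP the same insert is done with bound parameters, which need no escaping and no is_numeric() special case. Assumptions: PDO with the pdo_sqlite driver and an in-memory database so it runs offline; the comments table and the function names are hypothetical.

```php
<?php
// Added example (not from the original snippet): bound parameters instead of escaping.
// Assumption: pdo_sqlite with an in-memory database; for MySQL only the DSN changes.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions on SQL errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Hypothetical table used only for this example.
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, rating INTEGER)');
    return $pdo;
}

function add_comment(PDO $pdo, string $author, $rating): int {
    // Validate numeric input explicitly instead of passing through anything is_numeric() accepts.
    $rating = filter_var($rating, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer from 1 to 5');
    }
    // Placeholders keep data out of the SQL text, so no quoting or escaping is needed.
    $stmt = $pdo->prepare('INSERT INTO comments (author, rating) VALUES (:author, :rating)');
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function get_author(PDO $pdo, int $id): string {
    $stmt = $pdo->prepare('SELECT author FROM comments WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$pdo = open_db();
// Constructed sample inputs containing quotes and a backslash.
$samples = [["O'Brien", '5'], ['back\\slash "quoted"', 3], ["it's; -- fine", '4']];
foreach ($samples as [$author, $rating]) {
    $id = add_comment($pdo, $author, $rating);
    // The stored value is byte-for-byte what was passed in.
    echo get_author($pdo, $id) === $author ? "stored verbatim\n" : "MISMATCH\n";
}
// '1e1' and '4.0' pass is_numeric() but are not integers; '9' is out of range.
foreach (['1e1', '4.0', '9'] as $bad) {
    try {
        add_comment($pdo, 'test', $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $bad, "\n";
    }
}
```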
