Smart MySQL Escape Function
This function first checks whether PHP is set to quote incoming data automatically (magic quotes, `magic_quotes_gpc`). If it is, we strip the slashes PHP added, then (assuming our text isn't numeric) escape it with `mysql_real_escape_string()`.
There is a good bit of room for improvement here, but at the very least, you should run your input through this before inserting anything into your database.
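// Escape a string for use inside a quoted value in a MySQL query
function escapeit($text) {
    // Undo the slashes PHP added if magic quotes are enabled
    if (get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }
    // Numeric strings pass through unchanged; everything else is escaped.
    // mysql_real_escape_string() escapes special characters but does not add
    // the surrounding quotes, and it needs an open mysql_* connection.
    if (!is_numeric($text)) {
        $text = mysql_real_escape_string($text);
    }
    return $text;
}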
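The same goal without manual escaping, as an added example that is not part of the original snippet: a PDO prepared statement sends the value separately from the SQL text, and integer input is validated with `filter_var()` instead of `is_numeric()`. The in-memory SQLite database, the `users` table and the helper names `addUser` and `findUserById` are assumptions made so the script runs offline; for MySQL only the DSN changes.

```php
<?php
// Added example (not from the original snippet).
// Assumption: in-memory SQLite so the script runs without a server.
// For MySQL, use a DSN such as 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Hypothetical helper: insert a name using a bound parameter.
function addUser(PDO $pdo, string $name): int
{
    // The SQL text is fixed; the value travels as a parameter, so quotes
    // and backslashes in $name need no escaping and no stripslashes().
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: look a user up by an id received as raw text.
function findUserById(PDO $pdo, string $rawId): ?array
{
    // Strict integer validation: unlike is_numeric(), this rejects
    // exponent forms such as "1e3" and anything with trailing text.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs
$id = addUser($pdo, "O'Brien \\ \"quoted\"");    // stored byte for byte
var_dump(findUserById($pdo, (string) $id));       // valid integer id
var_dump(findUserById($pdo, '1e3'));              // numeric, but not an integer
var_dump(findUserById($pdo, '7 OR 1=1'));         // integer followed by extra text
```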





