
Chris has posted 2 posts at DZone.

Smart MySQL Escape Function

This function first checks to see if PHP is set to automagically quote input (magic quotes). If it is, we first strip the slashes PHP already added; then, unless the text is numeric, we escape it with mysql_real_escape_string().

There is a good bit of room for improvement here, but at the very least, you should run your input through this before inserting anything into your database.

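	// Check to see if a string needs to be escaped for database input.
	// Note: the mysql_* functions were removed in PHP 7.0 and
	// get_magic_quotes_gpc() in PHP 8.0, so this runs only on older PHP.
	function escapeit ( $text ) {
		// Undo the slashes PHP added automatically, to avoid double escaping
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}
		// Numeric values are returned as-is; everything else is escaped
		if ( !is_numeric($text) ) {
			$text = mysql_real_escape_string($text);
		}
		return $text;
	}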
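
As one of the improvements the description leaves room for, here is an added example (not part of the original snippet) that does the job of escapeit() with PDO bound parameters, so values never become part of the SQL text. The `users` table, the helper names `insert_user` and `find_user`, and the in-memory SQLite DSN are assumptions chosen so it runs without a server; with MySQL only the DSN changes.

```php
<?php
// Added example: bound parameters instead of escapeit().
// Assumptions: pdo_sqlite is loaded; table, columns and helpers are made up.

// Store one row. The values travel separately from the SQL text, so there is
// nothing to escape and no magic-quotes state to undo.
function insert_user(PDO $db, string $name, $age): void {
	$stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
	$stmt->bindValue(':name', $name, PDO::PARAM_STR);
	// Stricter than escapeit()'s is_numeric() branch: is_numeric() also
	// accepts strings such as '1e5' or '0.5', while this takes integers only.
	$int = filter_var($age, FILTER_VALIDATE_INT);
	if ($int === false) {
		throw new InvalidArgumentException('age must be an integer');
	}
	$stmt->bindValue(':age', $int, PDO::PARAM_INT);
	$stmt->execute();
}

// Look a row up by name; returns null when nothing matches.
function find_user(PDO $db, string $name): ?array {
	$stmt = $db->prepare('SELECT name, age FROM users WHERE name = :name');
	$stmt->execute([':name' => $name]);
	$row = $stmt->fetch(PDO::FETCH_ASSOC);
	return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, age INTEGER)');

// Constructed sample input with the characters escapeit() exists to handle.
$name = "O'Brien \\ \"quoted\"";
insert_user($db, $name, '42');

// The stored value is compared byte for byte with what was submitted.
$row = find_user($db, $name);
var_dump($row !== null && $row['name'] === $name);

// A value is_numeric() would pass through untouched is refused here.
try {
	insert_user($db, 'someone', '1e5');
} catch (InvalidArgumentException $e) {
	echo 'refused: ', $e->getMessage(), "\n";
}
```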