Revision: 1456
at October 9, 2006 11:29 by sorehead


Updated Code
<?php
/*
Smart MySQL Escape Function

This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.

A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.
*/

	// check to see if a string needs to be escaped for database input
	function escapeit ( $text ) {
		
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}
		
		if ( !is_numeric($text) ) {
			
			$text = mysql_real_escape_string($text);
			
		}
		
		return $text;
		
	}
?>

Revision: 1455
at October 9, 2006 11:28 by sorehead


Initial Code
<?php
/*
Smart MySQL Escape Function

This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.

A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.
*/

	// check to see if a string needs to be escaped for database input
	function escapeit ( $text ) {
		
		if ( get_magic_quotes_gpc() ) {
			$text = stripslashes($text);
		}
		
		if ( !is_numeric($text) ) {
			
			$text = mysql_real_escape_string($text);
			
		}
		
		return $text;
		
	}
?>

Initial URL
http://www.bigbold.com/snippets/posts/show/1533

Initial Description
This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.
A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.

Initial Title
Smart MySQL Escape Function

Initial Tags
mysql, function

Initial Language
PHP
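
The description above leaves room for improvement; one option is to bind values as query parameters instead of escaping them, so string and numeric inputs are never spliced into the SQL text. This is an added example, not part of the original snippet. It assumes PDO with the pdo_sqlite driver and an in-memory database so it runs offline (the prepare/bind calls are the same with a MySQL DSN), a hypothetical `users` table, and constructed sample values.

```php
<?php
// Added example: bound parameters instead of manual escaping.
// Assumptions: pdo_sqlite is available; the `users` table and all inputs
// below are constructed for illustration.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
    return $pdo;
}

function add_user(PDO $pdo, string $name, $age): int {
    // Numeric columns get strict validation rather than an is_numeric() pass-through.
    $age = filter_var($age, FILTER_VALIDATE_INT);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer');
    }
    // Values travel separately from the SQL text, so no quoting or escaping is needed.
    $stmt = $pdo->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function find_by_id(PDO $pdo, $id): ?array {
    // Anything that is not a plain integer is rejected before reaching the database.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name, age FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
$id  = add_user($pdo, "O'Reilly", '42');       // constructed name containing a quote
$row = find_by_id($pdo, (string) $id);
echo 'name stored verbatim: ', var_export($row['name'] === "O'Reilly", true), PHP_EOL;
// Constructed non-integer id: validation rejects it, no query is run.
echo 'non-integer id rejected: ', var_export(find_by_id($pdo, '1 OR 1=1') === null, true), PHP_EOL;
```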