Advanced Search

Smart MySQL Escape Function

/ Published in: PHP
Save to your folder(s)
This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.
A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. <?
  2. /*
  3. Smart MySQL Escape Function
  4.  
  5. This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.
  6.  
  7. A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.
  8. */
  9.  
  10. 	// check to see if a string needs to be escaped for database input
  11. 	function escapeit ( $text ) {
  12.  
  13. 		if ( get_magic_quotes_gpc() ) {
  14. 			$text = stripslashes($text);
  15. 		}
  16.  
  17. 		if ( !is_numeric($text) ) {
  18.  
  19. 			$text = mysql_real_escape_string($text);
  20.  
  21. 		}
  22.  
  23. 		return $text;
  24.  
  25. 	}
  26. ?>

URL: http://www.bigbold.com/snippets/posts/show/1533

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.