Smart MySQL Escape Function


Published in: PHP

This function first checks whether PHP is set to quote incoming data automatically (magic quotes). If it is, the slashes PHP already added are stripped first; then, unless the text is numeric, it is escaped with mysql_real_escape_string.
There is a good bit of room for improvement here, but at the very least you should run input through this before inserting anything into your database.


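<?php
/*
Smart MySQL Escape Function

This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.

A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.
*/

// Requires an older PHP: the mysql extension was removed in PHP 7.0 and
// get_magic_quotes_gpc() in PHP 8.0. The escaped value is only safe when it is
// placed inside quotes in the SQL statement, and a connection must already be open.

// check to see if a string needs to be escaped for database input
function escapeit ( $text ) {

    // magic quotes already added slashes: strip them so the value is not escaped twice
    if ( get_magic_quotes_gpc() ) {
        $text = stripslashes($text);
    }

    // numeric values pass through unchanged; everything else is escaped
    if ( !is_numeric($text) ) {
        $text = mysql_real_escape_string($text);
    }

    return $text;

}
?>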

URL: http://www.bigbold.com/snippets/posts/show/1533
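
An added example, not part of the original snippet: the same kind of insert done with PDO bound parameters, which replaces the escape step on PHP versions where magic quotes and the mysql_* functions no longer exist. The table, the function names and the sample values are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: bound parameters instead of escaping. SQLite in memory stands in
// for MySQL so this runs offline; with MySQL only the DSN passed to PDO changes.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Hypothetical table, constructed for this example.
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
    return $pdo;
}

function add_user(PDO $pdo, string $name, $age): int {
    // is_numeric() also accepts values such as "1e5" or ".5"; validate the exact
    // type and range the column expects instead.
    $age = filter_var($age, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 0 to 150');
    }
    // Values travel separately from the SQL text, so there is no escape step to forget.
    $stmt = $pdo->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function find_user(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT name, age FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input: quotes, a backslash and SQL comment characters.
$pdo  = open_db();
$name = "O'Brien \\ \"x\"; -- ";
$id   = add_user($pdo, $name, '42');
$row  = find_user($pdo, $id);
if ($row === null || $row['name'] !== $name || (int) $row['age'] !== 42) {
    throw new RuntimeException('round trip changed the stored value');
}
// A value is_numeric() would wave through is rejected by the integer check.
try {
    add_user($pdo, 'Test User', '1e5');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With the MySQL driver, set the connection character set in the DSN (for example `charset=utf8mb4`) and set `PDO::ATTR_EMULATE_PREPARES` to `false` so the binding is done by the server.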
