Smart MySQL Escape Function
There is a good bit of room for improvement here, but at the very least you should run input through this before inserting anything into your database.
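    // check to see if a string needs to be escaped for database input
    function escapeit($text) {
        // Undo magic-quotes escaping so the value is not escaped twice.
        // get_magic_quotes_gpc() always returns false since PHP 5.4 and was removed in PHP 8.0.
        if (get_magic_quotes_gpc()) {
            $text = stripslashes($text);
        }

        // Numeric values are returned unescaped. Note that is_numeric() also accepts
        // forms such as "1e5" and, before PHP 7, hex strings such as "0x1A".
        if (!is_numeric($text)) {
            // Requires an open mysql_* connection; the mysql extension was removed in PHP 7.0.
            $text = mysql_real_escape_string($text);
        }

        return $text;
    }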
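On PHP 7 and later the same job is done with bound parameters rather than escaping. The following is an added example, not the original author's code: `insertComment()` and the `comments` table are hypothetical, and an in-memory SQLite database (PDO with the sqlite driver assumed) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Assumption: PDO with the sqlite driver is installed; the same
// prepare/bind calls apply unchanged with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, score INTEGER)');

// Hypothetical helper: insert one row using bound parameters.
function insertComment(PDO $pdo, string $author, $score): int
{
    // Validate the numeric field explicitly instead of relying on is_numeric().
    $score = filter_var($score, FILTER_VALIDATE_INT);
    if ($score === false) {
        throw new InvalidArgumentException('score must be an integer');
    }

    // Values travel separately from the SQL text, so no escaping step is needed.
    $stmt = $pdo->prepare('INSERT INTO comments (author, score) VALUES (:author, :score)');
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':score', $score, PDO::PARAM_INT);
    $stmt->execute();

    return (int) $pdo->lastInsertId();
}

// Constructed sample inputs: quotes, a backslash, and a hex-style "number".
$samples = [
    ["O'Brien", '5'],
    ['C:\\temp "quoted"', '3'],
    ['alice', '0x1A'], // accepted by is_numeric() before PHP 7, rejected here
];

$read = $pdo->prepare('SELECT author, score FROM comments WHERE id = ?');
foreach ($samples as [$author, $score]) {
    try {
        $id = insertComment($pdo, $author, $score);
        $read->execute([$id]);
        $row = $read->fetch(PDO::FETCH_ASSOC);
        // The stored author is byte-for-byte what was passed in.
        printf("stored #%d: %s (score %d)\n", $id, $row['author'], $row['score']);
    } catch (InvalidArgumentException $e) {
        printf("rejected score %s: %s\n", var_export($score, true), $e->getMessage());
    }
}
```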