advanced code snippet search

Posted By

sarfraznawaz2005 on 02/07/09


Tagged

quote quotes addslashes getmagicquotesgpc mysqlrealescapestring


Versions (?)

Who likes this?

3 people have marked this snippet as a favorite

jfherring
vali29
BrianCoyDesign


Smart Quotes

 / Published in: PHP
 

Sometimes when you use addslashes, you may end up with double // in front of the string and start getting incorrect results, this is because is getmagicquotesgpc on. This function let's you add just single slash to the string irrespective of the setting of getmagicquotesgpc.

Expand | Embed | Plain Text 
  1. // quote variable to make safe
  2. function quote_smart($value)
  3. {
  4.     if (get_magic_quotes_gpc())
  5.     {
  6.         $value = stripslashes($value);
  7.     }
  8.  
  9.     if (!is_numeric($value))
  10.     {
  11.         $value = mysql_real_escape_string($value);
  12.     }
  13.  
  14.     return $value;
  15. }

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: MMDeveloper on February 20, 2009

you should also check for the result of mysqlrealescapestring and if it's false, use mysqlirealescapestring since new installations of PHP dont use mysql, they use mysqli... Might be better as a try/catch statement but I think a simple

if ( ($value = mysqlrealescapestring($value) === false) { $value = mysqlirealescapestring($value); } else {}

even then you should check the response of mysqlirealescape_string for a false (mysqli not installed).. but I guess you gotta draw the line and stop somewhere :P

You need to login to post a comment.