Posted By

sorehead on 10/09/06


Tagged

escape mysql function checks automatically prepares


Versions (?)

Who likes this?

6 people have marked this snippet as a favorite

meth
millisami
blakeb
vali29
eunjoo1984
umang_nine


Smart MySQL Escape Function


 / Published in: PHP
 

URL: http://www.bigbold.com/snippets/posts/show/1533

This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything. A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.

  1. <?
  2. /*
  3. Smart MySQL Escape Function
  4.  
  5. This function first checks to see if PHP is set to automagically quote stuff. If it is, we first strip pre-quoted stuff, then (assuming our text isn't numeric), we properly quote everything.
  6.  
  7. A good bit of room for improvement here, but at the very least, you should hit this before inserting anything into your database.
  8. */
  9.  
  10. // check to see if a string needs to be escaped for database input
  11. function escapeit ( $text ) {
  12.  
  13. $text = stripslashes($text);
  14. }
  15.  
  16. if ( !is_numeric($text) ) {
  17.  
  18. $text = mysql_real_escape_string($text);
  19.  
  20. }
  21.  
  22. return $text;
  23.  
  24. }
  25. ?>

Report this snippet  

You need to login to post a comment.