MySQL string escaping in PHP

Posted on December 26, 2009

Simple function to prepare user inputted data for inserting into a MySQL database. It simply checks if stripslashes() should be called, and then escapes the string. Basic, but handy.

function mysql_escape($string) {
    if (get_magic_quotes_gpc() == 1) {
        $string = stripslashes($string);
    }
    $string = mysql_real_escape_string($string);
    return $string;
}
This entry was posted in Code Stuff and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>