http://www.php.net/mysql_real_escape_string
function mysql_prep($value){
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string");
// i.e PHP >= v4.3.0
if($new_enough_php){
//undo any magic quote effects so mysql_real_escape_string can do the work
if($magic_quotes_active){
$value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
}else{ // before PHP v4.3.0
// if magic quotes aren't already on this add slashes manually
if(!$magic_quotes_active){
$value = addslashes($value);
} //if magic quotes are avtive, then the slashes already exist
}
return $value;
}
No comments:
Post a Comment