Created
May 8, 2012 19:48
-
-
Save justinwhall/2638815 to your computer and use it in GitHub Desktop.
PHP: mysql_prep | escape data for mysql INSERTS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function mysql_prep( $value ) { | |
| $magic_quotes_active = get_magic_quotes_gpc(); | |
| $new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0 | |
| if( $new_enough_php ) { // PHP v4.3.0 or higher | |
| // undo any magic quote effects so mysql_real_escape_string can do the work | |
| if( $magic_quotes_active ) { $value = stripslashes( $value ); } | |
| $value = mysql_real_escape_string( $value ); | |
| } else { // before PHP v4.3.0 | |
| // if magic quotes aren't already on then add slashes manually | |
| if( !$magic_quotes_active ) { $value = addslashes( $value ); } | |
| // if magic quotes are active, then the slashes already exist | |
| } | |
| return $value; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment