SQL escape string function

Escapes special characters in a string for use in an SQL statement. howewer it check get_magic_quotes_gpc function is enable or no. if true , it strips string from slashes and escaped string from special characters in a string for use in an SQL statement.

function sql_escape_string( $str, $conn = '' )
{
   if ( get_magic_quotes_gpc() )
      $str = stripslashes( $str );
   //check if this function exists
   if ( function_exists( "mysql_real_escape_string" ) and $conn )
      $str = mysql_real_escape_string( $str, $conn );
   else
      $str = addslashes( $str ); //for PHP version < 4.3.0 use addslashes
   return $str;
}

Tags

No tag here.
Short link to this page: vtwo.org/16891156
یا کپی به این صفحه

Recommended pages

Parse a string into separate words...

Parse a string into separate words (array output). function parser($str, $char = ' ') { $str = trim($str); $str = $str . $char; $len = strlen($str); $words = array(); $w = '...

Delete file function...

If file exists then delete the file. function delFile( $file_name ) { if ( file_exists( $file_name ) ) // Does '$file_name' exist { unlink( $file_name ); return true; } ...

Download a file from web to local...

Use this function to download a file from web to local machine. function WgetFile( $URL, $dir ) { $nomefile = $dir . "/" . basename( $URL ); if ( copy( $URL, $nomefile ) ) { retu...

Better parse_str in php...

parse_str() is fine for simple stuff but it's not the same as PHP's built way of creating the $_GET magic variable. Why?!?......