Posted by Toby A Inkster on 03/18/07 23:04

mun wrote:

> function quote_smart($value)
> {
> // Stripslashes
> if (get_magic_quotes_gpc()) {
> $value = stripslashes($value);
> }
> // Quote if not integer
> if (!is_numeric($value)) {
> $value = " ' " . mysql_real_escape_string($value) . " ' ";
> }
> return $value;
> }

Code defensively...

function quote_smart ($value)
{
if (is_numeric($value))
return $value;

if (get_magic_quotes_gpc())
$value = stripslashes($value);

if (function_exists('mysql_real_escape_string'))
return mysql_real_escape_string($value);

trigger_error("mysql_real_escape_string function does not exist!");
return addslashes($value);
}

Does that work OK? Try it a few times. Now check your PHP error log and
see if a surprise message awaits!

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

• Next in forum: Re: Mysql: Order by Replace ()
• Prev in forum: Re: Retrieving MySQL server's port value with PHP
• Thread view: Re: my_real_escape_string problem

[Reply to this message]