#native_company# #native_desc#

Escape data before its entered in a mysql database

By Dave Kiely
on February 9, 2007

I use this function when I am inputting data into a mysql database. It will insure that the data entered is inputted in a safe manner.

//Takes the data and returns the the escaped data 
function escData ($data) { 
   global $dbc; 
   if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); }  
   return mysql_real_escape_string($data, $dbc); 

$sql = "INSERT INTO `tableName` (`name`) VALUES ('$someValue')"; 

$insert= mysql_query(escData($sql));