function getSanitizedString($str)
{
//global $con;
$data = new DataAccess('photo');
$con = $data->getConnection();
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string");
// i.e. PHP >= v4.3.0
if ($new_enough_php) {
// PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if ($magic_quotes_active) {
$str = stripslashes($str);
}
$str = mysql_real_escape_string($str, $con);
} else {
// before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if (!$magic_quotes_active) {
$str = addslashes($str);
}
// if magic quotes are active, then the slashes already exist
}
return $str;
}
