/**
  * @return string
  * @param MySqlConnection $conn
  * @param string $s_text
  * @param bool $allow_html
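  * @desc Escape a string with the connection's EscapeString() and wrap it in single quotes, to protect data going into the db from SQL injection attacks. Assumes Magic Quotes are not in use.
  *       The returned value already includes the surrounding single quotes, so it is only suitable where the SQL expects a string literal.
  *       When $allow_html is false, tags are removed with strip_tags() before escaping.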
  */
 public static function ProtectString(MySqlConnection $conn, $s_text, $allow_html = true)
 {
     # Per the original author, htmlentities() is applied to all data coming in, so
     # htmlspecialchars() is not called here.
     # NOTE(review): that input-side encoding is not visible from this method - confirm
     # it still holds for every caller before relying on it for HTML output safety.

     # Markup is kept by default; tags are only removed when the caller opts out.
     # NOTE(review): strip_tags() removes tags, it does not encode for HTML output.
     $s_prepared = $allow_html ? $s_text : strip_tags($s_text);

     # Escaping is delegated to the connection object. The quotes added below are part
     # of the return value, so callers must not add their own, and the result belongs
     # only in a string-literal position of a statement (not identifiers or numbers).
     # NOTE(review): presumably EscapeString() escapes for the connection's character
     # set - verify in MySqlConnection; bound parameters avoid that dependency.
     $s_escaped = $conn->EscapeString($s_prepared);

     return "'" . $s_escaped . "'";
 }