function getSanitizedString($str) { //global $con; $data = new DataAccess('photo'); $con = $data->getConnection(); $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string"); // i.e. PHP >= v4.3.0 if ($new_enough_php) { // PHP v4.3.0 or higher // undo any magic quote effects so mysql_real_escape_string can do the work if ($magic_quotes_active) { $str = stripslashes($str); } $str = mysql_real_escape_string($str, $con); } else { // before PHP v4.3.0 // if magic quotes aren't already on then add slashes manually if (!$magic_quotes_active) { $str = addslashes($str); } // if magic quotes are active, then the slashes already exist } return $str; }