function db_escape_string
| 6.x database.pgsql.inc | db_escape_string($text) |
| 6.x database.mysqli.inc | db_escape_string($text) |
| 6.x database.mysql.inc | db_escape_string($text) |
Prepare user input for use in a database query, preventing SQL injection attacks.
Related topics
1 call to db_escape_string()
- _db_query_callback in drupal-6.x/
includes/ database.inc - Helper function for db_query().
File
- drupal-6.x/
includes/ database.mysql.inc, line 327 - Database interface code for MySQL database servers.
Code
function db_escape_string($text) {
global $active_db;
return mysql_real_escape_string($text, $active_db);
}