function db_escape_string

6.x database.pgsql.inc db_escape_string($text)
6.x database.mysqli.inc db_escape_string($text)
6.x database.mysql.inc db_escape_string($text)

Prepare user input for use in a database query, preventing SQL injection attacks.

Related topics

Database abstraction layer
Allow the use of different database servers using the same code base.
1 call to db_escape_string()
_db_query_callback in drupal-6.x/includes/database.inc
Helper function for db_query().

File

drupal-6.x/includes/database.mysqli.inc, line 327
Database interface code for MySQL database servers using the mysqli client libraries. mysqli is included in PHP 5 by default and allows developers to use the advanced features of MySQL 4.1.x, 5.0.x and beyond.

Code

function db_escape_string($text) {
  global $active_db;
  return mysqli_real_escape_string($active_db, $text);
}