db_escape_string From Online Manual

Jump to: navigation, search


$smcFunc['db_escape_string'] (uncleaned_string)

Description: Escapes strings for insertion into the database. The function does not require a database connection.
For MySQL addslashes is used, while for PostgreSQL pg_escape_string and for SQLite sqlite_escape_string as used.


  • uncleaned_string the string to be escaped.

Return: the escaped string.


// Add slashes to every element, even the indexes!
foreach ($var as $k => $v)
	$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);