dbType == "mysql") { if (function_exists('mysql_real_escape_string')) { // TODO: include the relevant connection id to take charset into account $value = "'" . mysql_real_escape_string($value) . "'"; } elseif (function_exists('mysql_escape_string')) { $value = "'" . mysql_escape_string($value) . "'"; } } else { $value = "'" . addslashes($value) . "'"; } return $value; } } ?>