function db_escape($str) { /* Apache automatically escaped the string already. */ if (get_magic_quotes_gpc()) return $str; else if (function_exists('mysql_real_escape_string')) return mysql_real_escape_string($str); else return mysql_escape_string($str); }