- // Secure string first? (which is the default behaviour!)
- if ($secureString) {
- // Then do it here
- $str = secureString($str, $strip);
+ // Do we have cache?
+ if (!isset($GLOBALS['sql_escapes'][''.$str.''])) {
+ // Secure string first? (which is the default behaviour!)
+ if ($secureString === true) {
+ // Then do it here
+ $str = secureString($str, $strip);
+ } // END - if
+
+ if (!SQL_IS_LINK_UP()) {
+ // Fall-back to smartAddSlashes() when there is no link
+ $ret = smartAddSlashes($str);
+ } elseif (function_exists('mysql_real_escape_string')) {
+ // The new and improved version
+ //* DEBUG: */ print(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):str={$str}<br />");
+ $ret = mysql_real_escape_string($str, SQL_GET_LINK());
+ } elseif (function_exists('mysql_escape_string')) {
+ // The obsolete function
+ $ret = mysql_escape_string($str, SQL_GET_LINK());
+ } else {
+ // If nothing else works, fall back to smartAddSlashes() again
+ $ret = smartAddSlashes($str);
+ }
+
+ // Cache result
+ $GLOBALS['sql_escapes'][''.$str.''] = $ret;