+ $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+ //reset default if second parameter is skipped
+ $nullify = ($nullify === null) ? (false) : ($nullify);
+
+ //check for null/unset/empty strings
+ if ((!isset($value)) || (is_null($value)) || ($value === "")) {
+ $value = ($nullify) ? ("NULL") : ("''");
+ } else {
+ if (is_string($value)) {
+ //value is a string and should be quoted; determine best method based on available extensions
+ if (function_exists('mysql_real_escape_string')) {
+ $value = "'" . mysql_real_escape_string($value) . "'";
+ } else {
+ $value = "'" . mysql_escape_string($value) . "'";
+ }
+ } else if (!is_numeric($value)) {
+ //value is not a string nor numeric
+ display_error("ERROR: incorrect data type send to sql query");
+ echo '<br><br>';
+ exit();
+ }
+ }
+ return $value;