db_escape_string

Prepare user input for use in a database query, preventing SQL injection attacks.

Name	Description
Database abstraction layer	Allow the use of different database servers using the same code base.

function db_escape_string($text) { 

  global $active_db; 

  return mysqli_real_escape_string($active_db, $text); 

}

api.drupal.org BETA