Manual

escape functions

sqlquote($string) {#sqlquote}

return escaped string using $DB escape and checks if magic quotes enabled

addrslashes($array) {#addrslashes}

return recursively escaped array using sql_quote finction

Try myPortal 2: