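/* -------------------------------------------------------------------------------------
   Name:        PHP MySQLSafe
   Author:      Markus Diersbock
   Created:     3/17/2008
   Description: Creates filtered strings, safe for MySQL Server tables.
                The input is whitelist-filtered according to $str_type, optionally
                truncated, and only then escaped. Escaping last guarantees that the
                filter can never strip the escape character and leave a dangling
                backslash in front of the closing quote of the SQL literal.
   Arguments:   $str_in    Raw text
                $str_type  Constant to filter on
                $rtn_size  Size of returned string (Use NULL for no limit)
   Returns:     Modified string (or NULL on error)
   Note:        Where the database driver supports them, prepared statements with
                bound parameters should carry the value; this helper only escapes
                the two characters that terminate a single-quoted MySQL literal.
   ------------------------------------------------------------------------------------- */

// ---- SQLSafe Constants ----
define("SQLSAFE_NAME", 1);
define("SQLSAFE_ALPHA", 2);
define("SQLSAFE_NUMBER", 3);
define("SQLSAFE_MONEY", 4);
define("SQLSAFE_PHONE_CLEAN", 5);
define("SQLSAFE_PHONE_DELIM", 6);
define("SQLSAFE_STREET", 7);
define("SQLSAFE_ZIP", 8);
define("SQLSAFE_EMAIL", 9);
define("SQLSAFE_MISC", 10);

/**
 * Reduce $str_in to the character set selected by $str_type, truncate it to
 * $rtn_size characters (NULL = no limit) and then escape backslash and single
 * quote so the result can be placed inside a single-quoted MySQL literal.
 *
 * $rtn_size bounds the value as it will be stored (before escaping), which is
 * what a column width applies to; the escaped result may be slightly longer.
 *
 * @param string|null     $str_in   raw text (NULL is treated as "")
 * @param int             $str_type one of the SQLSAFE_* constants
 * @param int|string|null $rtn_size maximum length, or NULL for no limit;
 *                                  non-numeric values are ignored
 *
 * @return string|null filtered, escaped string; NULL when $str_type is not a
 *                     known SQLSAFE_* constant or the regex engine fails
 */
function mysql_safe($str_in, $str_type, $rtn_size)
{
    // Characters to strip, keyed by filter type. "A-Za-z" is used rather than
    // "A-z": the latter range also matches [ \ ] ^ _ ` (ASCII 91-96), which let
    // a backslash survive the filter. A backslash is therefore never kept by any
    // type, so the escaping below is the only source of backslashes in the output.
    $strip_patterns = [
        SQLSAFE_NAME        => "/[^'\-A-Za-z0-9\s]/",
        SQLSAFE_ALPHA       => "/[^A-Za-z]/",
        SQLSAFE_NUMBER      => "/[\D]/",
        SQLSAFE_MONEY       => "/[^0-9.]/",
        SQLSAFE_PHONE_CLEAN => "/[\D]/",
        SQLSAFE_PHONE_DELIM => "/[^\-0-9()+.x\s]/",
        SQLSAFE_STREET      => "/[^'\-.#A-Za-z0-9\s]/",
        // Formerly fell through to the EMAIL pattern because of a missing break.
        SQLSAFE_ZIP         => "/[^\-0-9]/",
        SQLSAFE_EMAIL       => "/[^\-_.@A-Za-z0-9]/",
        SQLSAFE_MISC        => "/[^!@#$%^&*+:';,?=~`\-_.A-Za-z0-9\s]/",
    ];

    // Array lookup mirrors the loose matching of the original switch ("1" finds 1).
    $valid_chars = $strip_patterns[$str_type] ?? null;
    if ($valid_chars === null) {
        return null;
    }

    // 1. Whitelist-filter the raw (trimmed) value.
    $rtn_str = preg_replace($valid_chars, "", trim((string) $str_in));
    if ($rtn_str === null) {
        // preg_replace signals a PCRE error with NULL; propagate it unchanged.
        return null;
    }

    // 2. Truncate before escaping so a cut can never split the "\'" pair.
    if (is_numeric($rtn_size)) {
        $rtn_str = substr($rtn_str, 0, (int) $rtn_size);
        $rtn_str = trim($rtn_str);
    }

    // 3. Escape last: backslash first so the quote escape is not re-escaped.
    $rtn_str = str_replace("\\", "\\\\", $rtn_str);
    $rtn_str = str_replace("'", "\\'", $rtn_str);

    return $rtn_str;
}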