function defend_sql($string, $force = 1) {
$preg = "select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile";
if(!get_magic_quotes_gpc() || $force) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val, $force);
}
} else {
if (preg_match("/".$preg."/is",$string) == 1){
$string = preg_replace("/".$preg."/is","",$string);
}
$string = addslashes($string);
}
}
return $string;
}