What the code does is basically;
First it removes the effect of magic_quotes_gpc if and only if it's enabled in the server. It should not be since magic_quotes has been deprecated for a while (and removed entirely in new PHP versions).
Second, it encloses all non numeric values of
$value
in single quotes, and escapes the value usingmysql_real_escape_string
to avoid SQL injection in your value string.
Using recent versions of PHP, this method should not exist at all, since magic_quotes_gpc
should never be enabled, and you'd be using PDO
or MySQLi
parameterized queries that do not need their values to be escaped.