This is a discussion on mysql_real_escape_string addslashes.... within the PHP Language forums, part of the PHP Programming Forums category.
I have to put data from user input into a database.
I've taken a function from the internet (don't remember where) that formats most of the values:

```php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // Escape with addslashes() unless magic_quotes_gpc has already done it
    $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
        case "boolean":
            $theValue = ($theValue == "on" or $theValue == "ON") ? "1" : "0";
            break;
        case "textLike":
            $theValue = ($theValue != "") ? "'%" . $theValue . "%'" : "NULL";
            break;
    }
    return $theValue;
}
```

I've slightly modified it for my needs. Now I've seen that I have to use mysql_real_escape_string to avoid injection attacks. Here are the points I have to keep in mind for this function (note the difference between ' and `):

The strings may be:
O'Reilly
O`Reilly

The numbers may be:
10000
10'000
10`000

I'm thinking of putting in this code, but don't know if it's the best way:

```php
$theValue = mysql_real_escape_string((get_magic_quotes_gpc()) ? stripslashes($theValue) : $theValue);
```

Any help would be greatly appreciated.
Bob
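As an added example (not code from the post or the thread), here is the same function rewritten around mysqli_real_escape_string instead of addslashes(), with the magic-quotes stripping applied once before escaping, the LIKE wildcards escaped in the textLike case, and a prepared statement shown as the alternative that needs no escaping at all. It assumes an open mysqli connection; the connection credentials and the sample inputs are placeholders.

```php
<?php
// Added example, not the poster's code. Assumes an open mysqli connection $conn.

function getSqlValueString(mysqli $conn, $value, $type, $definedValue = '', $notDefinedValue = '')
{
    // Undo magic_quotes_gpc (gone since PHP 5.4) so the value is escaped exactly once.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    switch ($type) {
        case 'text':
        case 'date':
            // Escapes ' " \ NUL and newlines using the connection charset; a backtick
            // inside a single-quoted SQL literal needs no escaping, so O`Reilly is safe.
            return ($value !== '') ? "'" . mysqli_real_escape_string($conn, $value) . "'" : 'NULL';
        case 'long':
        case 'int':
            // Caveat: intval() keeps only the leading digits, so a value written as
            // 10'000 becomes 10. Strip the thousands separator first if that is intended.
            return ($value !== '') ? (string) intval($value) : 'NULL';
        case 'double':
            return ($value !== '') ? "'" . floatval($value) . "'" : 'NULL';
        case 'defined':
            return ($value !== '') ? $definedValue : $notDefinedValue;
        case 'boolean':
            return (strtolower($value) === 'on') ? '1' : '0';
        case 'textLike':
            // Escape % and _ for LIKE before SQL-escaping, so user input cannot widen the match.
            $escaped = mysqli_real_escape_string($conn, addcslashes($value, '%_'));
            return ($value !== '') ? "'%" . $escaped . "%'" : 'NULL';
    }
    return $value;
}

// Placeholder credentials and constructed inputs taken from the question.
$conn = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
$name   = getSqlValueString($conn, "O'Reilly", 'text');
$copies = getSqlValueString($conn, "10'000", 'int');
$sql    = "INSERT INTO authors (name, copies) VALUES ($name, $copies)";
mysqli_query($conn, $sql);

// Preferred: a prepared statement sends values separately from the SQL text,
// so quotes and backticks in the input never reach the parser as syntax.
$rawName = "O'Reilly";
$rawCopies = 10000;
$stmt = mysqli_prepare($conn, 'INSERT INTO authors (name, copies) VALUES (?, ?)');
mysqli_stmt_bind_param($stmt, 'si', $rawName, $rawCopies);
mysqli_stmt_execute($stmt);
```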