Name
mysql_escape_string —
Synopsis
unsigned int mysql_escape_string(char *to, const char *from, unsigned int length)
Encodes
a string so that it is safe to insert into a MySQL table. The first
argument is the receiving string, which must be at least one
character greater than twice the length of the second argument: the
original string. (That is, to
must be greater then
or equal to from*2+1
.) The third argument
indicates the number of bytes to be copied from the original string
and encoded. The function returns the number of bytes in the encoded
string, not including the terminating null character.
Tip
While not officially deprecated, this function is generally inferior
to the mysql_real_escape_string
function, which
does everything this function does, but also takes into account the
character set of the current connection, which may affect certain
escape sequences.
Example
char name[15] = "Bob Marley's"; char enc_name[31]; mysql_escape_string(enc_name, name); /* enc_name will now contain "Bob Marley\'s" (the single quote is escaped).
Get Managing & Using MySQL, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.