mysql_escape_string

string mysql_escape_string(string string) 

Prepares a string for use in a MySQL query.

Returns:

String

Description:

mysql_escape_string() replaces characters that have a special meaning in MySQL with an escape sequence. The function is used to escape the individual values for a query, rather than an entire query string. For example:

// Wrong 
$name = "Jimmy U'luue"; 
$query = "INSERT INTO table (name) VALUES ('$name')"; 
$query = mysql_escape_string ($query); 

// Right 
$name = "Jimmy U'luue"; 
$name = mysql_escape_string ($name); 
$query = "INSERT INTO table (name) VALUES ('$name')"; 

In the first example listed, the query will be converted to INSERT INTO table (name) VALUES (\'Jimmy U\'luue\'). This is no longer a valid query, ...

Get PHP Functions Essential Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.