This is a detailed tutorial on back-end web development in PHP. I'll be teaching basic CRUD functionalities, authentication, and security not a membership system. Apr 27, 2020 The mysqlirealescapestring function is an inbuilt function in PHP which is used to escape all special characters for use in an SQL query. It is used before inserting a string in a database, as it removes any special characters that may interfere with the query operations. Errors/Exceptions: If we execute the mysqlrealescapestring function without establishing the connection of function with the mysql server then it will throw an Ewarning message. Mysqlrealescapestring function will only get executed when the full connection is established with the mysql server. Mysqlirealescapestring (mysqli $mysql, string $string): string This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to produce an escaped SQL string, taking into account the current character set of the connection.
(PHP 4 >= 4.0.3, PHP 5)
mysql_escape_string — Escapes a string for use in a mysql_query
Warning
This function was deprecated in PHP 4.3.0, and itand the entire original MySQL extension was removed in PHP 7.0.0.Instead, use either the actively developed MySQLi or PDO_MySQL extensions.See also the MySQL: choosing an API guide.Alternatives to this function include:
Description
mysql_escape_string ( string
$unescaped_string
) : string This function will escape the
unescaped_string
, so that it is safe to place it in a mysql_query(). This function is deprecated. Mysqli Escape String Php
This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
Parameters
unescaped_string
The string that is to be escaped.
Examples
Example #1 mysql_escape_string() example
<?php
$item = 'Zak's Laptop';
$escaped_item = mysql_escape_string($item);
printf('Escaped string: %sn', $escaped_item);
?>
Notes
Mysqli_escape_string How To Use
Note:
mysql_escape_string() does not escape
%
and _
. See Also
- mysql_real_escape_string() - Escapes special characters in a string for use in an SQL statement
- addslashes() - Quote string with slashes
- The magic_quotes_gpc directive.
6 years ago
You can use this function safely with your MySQL database queries if and only if you are sure that your database connection is using ASCII, UTF-8, or ISO-8859-* and that the backslash is your database's escape character. If you're not sure, then use mysqli_real_escape_string instead. This function is not safe to use on databases with multi-byte character sets.
The only benefit of this function is that it does not require a database connection.
Real Escape String Php
¶
10 years ago
The exact characters that are escaped by this function are the null byte (0), newline (n), carriage return (r), backslash (), single quote ('), double quote (') and substiture (SUB, or 032).
- MySQL Functions