PHP mysqli_real_escape_string() Function

PHP mysqli_real_escape_string() function escapes special characters in a string for use in an SQL statement.

Syntax

string mysqli_real_escape_string(connection, escapchar);

mysqli_real_escape_string() Function Parameter

Parameter	Description
connection :	Required parameter. The MySQL connection to be used
escapchar :	Required parameter. The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

mysqli_real_escape_string() Function Return Value

Return Values :	Returns an escaped string.

mysqli_real_escape_string() Function Example

<?php
$con = mysqli_connect("localhost","user","password","db");

if (mysqli_connect_errno())
{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$name = "d'souza";

// escape variables for security
$first_name = mysqli_real_escape_string($con, $name);

mysqli_query($con, "INSERT INTO employee (fname) VALUES ('$first_name')");

mysqli_close($con);
?>

« Previous