Implementation code to escape mysql statements in php
- 2020-05-09 18:17:09
- OfStack
You can't always manually escape every one of these special characters, and you're usually dealing with forms that are automatically submitted.
Therefore, the mysql_real_escape_string function should be used:
mysql_real_escape_string - escapes the special characters in the string used in the SQL statement, taking into account the current character set of the connection.
Note, however: this function does not escape % and _. In addition, it is best not to use this function for the entire sql statement, but to escape only the string arguments passed into the sql statement, otherwise unexpected results will occur.
Example script:
Therefore, the mysql_real_escape_string function should be used:
mysql_real_escape_string - escapes the special characters in the string used in the SQL statement, taking into account the current character set of the connection.
Note, however: this function does not escape % and _. In addition, it is best not to use this function for the entire sql statement, but to escape only the string arguments passed into the sql statement, otherwise unexpected results will occur.
Example script:
<?php
$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string: %s\n", $escaped_item);
?>