Name
mysql_escape_string( )
Synopsis
mysql_escape_string(string)
This function returns the given string with special characters preceded by backslashes so that they are protected from being interpreted by the SQL interpreter. It is used in conjunction with mysql_query( ) to help make SQL statements safe. It's similar to mysql_real_escape_string( ).
...
$clientid = '1000';
$description = "Can't connect to network.";
$description = mysql_escape_string($description);
$sql_stmnt = "INSERT INTO workreq (date, clientid, description)
              VALUES(NOW( ), '$clientid', '$description')";
mysql_query($sql_stmnt);
...
The string contained in the $description variable contains an apostrophe, which, if left unescaped, would cause the SQL statement to fail. It would fail because the related value in the SQL statement is surrounded by single quotes; an apostrophe would be mistaken for a single quote, which has special meaning in MySQL.
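The failure described above can be reproduced without a database. The following is an added example, not code from the book: escape_like_mysql() and string_literals() are hypothetical helpers that model the escaping and a simplified version of how MySQL reads single-quoted literals. A stand-in is used because mysql_escape_string() was removed from PHP in version 7.0.

```php
<?php
// Hypothetical stand-in for mysql_escape_string(): prefixes the characters
// that are special inside a MySQL string literal with a backslash.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Simplified reader for single-quoted literals (assumption: default SQL mode,
// backslash escapes only, '' doubling not handled). Returns the literal
// values, or null when a quote is never closed and the statement is rejected.
function string_literals(string $sql): ?array
{
    $literals = [];
    $n = strlen($sql);
    for ($i = 0; $i < $n; $i++) {
        if ($sql[$i] !== "'") {
            continue;                       // outside any literal
        }
        $value = '';
        $closed = false;
        for ($i++; $i < $n; $i++) {
            if ($sql[$i] === "\\" && $i + 1 < $n) {
                $value .= $sql[++$i];       // escaped character is plain data
            } elseif ($sql[$i] === "'") {
                $closed = true;             // real end of the literal
                break;
            } else {
                $value .= $sql[$i];
            }
        }
        if (!$closed) {
            return null;
        }
        $literals[] = $value;
    }
    return $literals;
}

$clientid = '1000';
$description = "Can't connect to network.";     // constructed sample input
foreach ([$description, escape_like_mysql($description)] as $value) {
    $sql_stmnt = "INSERT INTO workreq (date, clientid, description) "
               . "VALUES(NOW( ), '$clientid', '$value')";
    $found = string_literals($sql_stmnt);
    echo $sql_stmnt, "\n  => ",
         $found === null ? 'unterminated quote' : json_encode($found), "\n";
}
```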