Name

mysql_escape_string( )

Synopsis

mysql_escape_string(string)

This returns the given string with special characters preceded by backslashes, so that the SQL interpreter treats them as literal data rather than as syntax. It is used in conjunction with mysql_query( ) to help make SQL statements safe, and is similar to mysql_real_escape_string( ).

...
$clientid = '1000';
$description = "Can't connect to network.";
$description = mysql_escape_string($description);
$sql_stmnt = "INSERT INTO workreq
              (date, clientid, description)
              VALUES(NOW( ), '$clientid', '$description')";
mysql_query($sql_stmnt);
...

The string in the $description variable contains an apostrophe, which, left unescaped, would cause the SQL statement to fail. It would fail because the related value in the SQL statement is surrounded by single quotes; an unescaped apostrophe would be mistaken for a single quote, which has special meaning in MySQL.
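The following is an added example, not code from the book. mysql_escape_string( ) and the rest of the original mysql extension were removed in PHP 7.0, so the hypothetical emulate_escape() helper reproduces its escaping, and the hypothetical literal_close() helper scans the statement the way MySQL reads a quoted string, to show where the description value ends with and without escaping.

```php
<?php
// Added illustration. Helper names are hypothetical; sample data is the page's.

// Escape the bytes the MySQL client library escapes: NUL, LF, CR, Ctrl-Z,
// backslash, single quote and double quote.
function emulate_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
        '\\' => '\\\\', "'" => "\\'", '"' => '\\"',
    ]);
}

// Index of the quote that closes the literal opened at $open, read as MySQL
// reads it by default (backslash escapes the next byte, '' is a literal
// quote). Returns -1 if the literal never closes.
function literal_close(string $sql, int $open): int
{
    $n = strlen($sql);
    for ($i = $open + 1; $i < $n; $i++) {
        if ($sql[$i] === '\\') {
            $i++;                               // skip the escaped byte
        } elseif ($sql[$i] === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $i++;                           // doubled quote stays inside
            } else {
                return $i;
            }
        }
    }
    return -1;
}

function build_insert(string $clientid, string $description): string
{
    return "INSERT INTO workreq (date, clientid, description) "
         . "VALUES(NOW(), '$clientid', '$description')";
}

$description = "Can't connect to network.";
$cases = ['raw' => $description, 'escaped' => emulate_escape($description)];
foreach ($cases as $label => $value) {
    $sql   = build_insert('1000', $value);
    $open  = strpos($sql, "'", strpos($sql, "'1000'") + 6); // opens description
    $close = literal_close($sql, $open);
    printf("%-8s value=[%s] leftover=[%s]\n", $label,
        substr($sql, $open + 1, $close - $open - 1), substr($sql, $close + 1));
}
```

Unlike mysql_real_escape_string( ), mysql_escape_string( ) takes no connection argument and does not respect the connection's character set. On current PHP the same INSERT is normally sent as a prepared statement with bound parameters through mysqli or PDO.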
