PHP Australia Conference 2015

mysql_escape_string

(PHP 4 >= 4.0.3, PHP 5)

mysql_escape_stringEscapes a string for use in a mysql_query

Description

string mysql_escape_string ( string $unescaped_string )

This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.

Warning

This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

Parameters

unescaped_string

The string that is to be escaped.

Return Values

Returns the escaped string.

Changelog

Version Description
5.3.0 This function now throws an E_DEPRECATED notice.
4.3.0 This function became deprecated, do not use this function. Instead, use mysql_real_escape_string().

Examples

Example #1 mysql_escape_string() example

<?php
$item 
"Zak's Laptop";
$escaped_item mysql_escape_string($item);
printf("Escaped string: %s\n"$escaped_item);
?>

The above example will output:

Escaped string: Zak\'s Laptop

Notes

Note:

mysql_escape_string() does not escape % and _.

See Also

add a note add a note

User Contributed Notes 1 note

up
-10
s dot marechal at jejik dot com
3 years ago
The exact characters that are escaped by this function are the null byte (0), newline (\n), carriage return (\r), backslash (\), single quote ('), double quote (") and substiture (SUB, or \032).
To Top