The mysql_real_escape_string()
function escapes special characters in a string for use in an SQL statement
The following characters are affected:
- \x00
- \n
- \r
- \
- '
- "
- \x1a
Syntax
mysql_real_escape_string(string,connection)
So you can't escape entire query, just data... because it will escape all unsafe characters like quotes (valid parts of query).
If you try something like that (to escape entire query)
Example :
mysql_real_escape_string("INSERT INTO some_table VALUES ('xyz', 'abc', '123');");
Output:
INSERT INTO some_table VALUES (\'xyz\', \'abc\', \'123\');