top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

What is the use of mysql_real_escape_string function?

0 votes
524 views
What is the use of mysql_real_escape_string function?
posted Jul 8, 2014 by Amanpreet Kaur

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

2 Answers

+1 vote

The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement

The following characters are affected:

  1. \x00
  2. \n
  3. \r
  4. \
  5. '
  6. "
  7. \x1a

Syntax

mysql_real_escape_string(string,connection)

So you can't escape entire query, just data... because it will escape all unsafe characters like quotes (valid parts of query).

If you try something like that (to escape entire query)

Example :

mysql_real_escape_string("INSERT INTO some_table VALUES ('xyz', 'abc', '123');");

Output:

INSERT INTO some_table VALUES (\'xyz\', \'abc\', \'123\');
answer Jul 9, 2014 by Sidharth Malhotra
0 votes

mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement.
It is used to avoid the SQL injection attacks. Like it makes only the authorized user to log into the account.

answer Jul 10, 2014 by Mohit Sharma
Similar Questions
+3 votes
What is the maximum size of database in mysql ?

I have started learning PHP and got a thought about mysql.

I did google and found this stack overflow link
http://stackoverflow.com/questions/625930/what-is-the-maximum-size-of-a-mysql-database-in-version-5-and-up

But there are less answers and more discussions. Can someone give me the right answer which has full description in it.

0 votes
I want to insert a value from an array into a column of sql table, but the content is not going into the table? 
for($i=0;$i<=feof($getdata);$i++)
{
if (filter_var($data[$i][1], FILTER_VALIDATE_EMAIL)){
echo $data[$i][1];
$email=$data[$i][1];
$conn = mysqli_connect($dbhost,$dbuser,$dbpass, $dbname);
if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
}
$sql ="INSERT INTO promo_user (uid,name,email) VALUES (,'', '$email')";
mysqli_query($sql,$conn);
mysqli_close($conn);

I am using the above code but there is something wrong with it,whenever i run the code the echo is working fine but the content does go into sql table

Please help

0 votes
How to display the last record of the field in a input box using PHP?

I have php script form which I used to input Members Details of my system into the MySQL database. My requirement is to display the last member's details in a input box.

...