Functions for escaping special characters in PHP MySQL
One is: mysql_escape_string
One is: addslashes
The difference between mysql_escape_string and addslashes is that
Mysql_escape_string always converts "'" to "\"
And addslashes
Convert "'" to "" When magic_quotes_sybase = on
Convert "'" to "\" When magic_quotes_sybase = off
PHP provides some functions to make your query statement meet your requirements, such as mysql_escape_string.
Reference a string and return a result. The result can be used as a properly escaped data value in an SQL statement. A string is enclosed by single quotes and returned, where each single quotation mark ("'"), backslash ("\"), ascii nul, and Control-Z appear in the string, A backslash is added before the character. If the parameter is null, The result value is the word "null" without single quotes ". Quote function is added in MySQL 4.0.3.
When writing data to a database, sometimes the string to be written contains some special characters, such as ',',/, %, etc, I don't know if MySQL has such escape functions, not those APIs.