It is not always practical to escape each of these special characters by hand, especially for data that arrives from automatically submitted forms.
Therefore, you should use the mysql_real_escape_string function:
mysql_real_escape_string escapes special characters in a string for use in an SQL statement, taking into account the current character set of the connection.
Note, however, that the function does not escape % and _. In addition, do not apply the function to the entire SQL statement; escape only the string parameters that are inserted into the statement, otherwise unexpected results will occur.
Example script:
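<?php
// mysql_real_escape_string() needs an open MySQL connection, because the
// escaping takes that connection's character set into account.
$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
?>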
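The two caveats above (% and _ are left alone, and only parameters should be escaped, never the whole statement), shown as an added example that is not part of the original article. `demo_escape` is a hypothetical stand-in that prefixes the characters the PHP manual lists for mysql_real_escape_string, so the script runs without a database connection; `like_literal`, the `items` table and the sample input are likewise assumptions.

```php
<?php
// Stand-in for mysql_real_escape_string() so this runs without a MySQL
// connection. It prefixes \x00, \n, \r, \, ', " and \x1a with a backslash
// and, unlike the real function, ignores the connection character set.
// Hypothetical helper, for illustration only.
function demo_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Hypothetical helper: neutralise the LIKE wildcards % and _ (and the LIKE
// escape character itself) before the string escaping is applied.
function like_literal(string $term): string
{
    return strtr($term, ["\\" => "\\\\", "%" => "\\%", "_" => "\\_"]);
}

$term = "100%_O'Neil"; // constructed sample input

// 1. The quote is escaped, but % and _ pass through unchanged, so inside a
//    LIKE pattern they would still act as wildcards.
$plain = demo_escape($term);
echo "escaped value     : $plain\n";

// 2. Escape the wildcards first, then escape the result for the SQL string.
$like = demo_escape(like_literal($term));
echo "LIKE-safe value   : $like\n";

// 3. Correct use: only the parameter is escaped; the statement keeps its
//    own quote delimiters. Table and column names are assumptions.
$good = "SELECT * FROM items WHERE name LIKE '%" . $like . "%'";
echo "parameter escaped : $good\n";

// 4. Incorrect use: escaping the whole statement also escapes the quotes
//    that delimit the value, so the result is no longer valid SQL.
$bad = demo_escape("SELECT * FROM items WHERE name = '" . $term . "'");
echo "statement escaped : $bad\n";
```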