MySQL tutorial: the difference between mysql_escape_string and mysql_real_escape_string
mysql_real_escape_string() can only be used after a connection to the database has been opened. mysql_escape_string() has no such requirement, but it does not escape % and _.
The mysql_real_escape_string() function escapes special characters in a string that is used in an SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
If successful, the function returns the escaped string. If it fails, it returns false.
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    or die(mysql_error());
// Query ($user and $password are assumed to hold untrusted input)
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
    mysql_real_escape_string($user),
    mysql_real_escape_string($password));
/*
Note: mysql_escape_string() does not escape % and _.
This function is identical to mysql_real_escape_string(), except that mysql_real_escape_string() accepts a connection handle and escapes the string according to the current character set. mysql_escape_string() does not accept a connection parameter and does not take the current character set setting into account.
*/
$item = "Zak's laptop";
$escaped_item = mysql_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
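
The note above says that % and _ are left unescaped, which matters as soon as the value is used in a LIKE pattern. The following is an added example, not code from the original page: it models the escape table in plain PHP so it runs without a database (the mysql_* functions were removed in PHP 7.0). The names model_escape() and escape_like() are hypothetical, the inputs are constructed, and the model assumes single-byte or UTF-8 input and ignores the connection character set.

```php
<?php
// Added example: pure-PHP model of the escape table listed above.
// model_escape() and escape_like() are hypothetical helper names.
// Assumption: single-byte or UTF-8 input; the real function also consults
// the connection character set, which this model ignores.
function model_escape(string $s): string
{
    // strtr() with an array replaces each byte once and never rescans its
    // own output, so the backslashes it inserts are not escaped again.
    return strtr($s, [
        "\x00" => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// % and _ are not in the table, so a value used inside LIKE needs its own
// pass first: prefix %, _ and \ with LIKE's default escape character (\).
function escape_like(string $s): string
{
    return addcslashes($s, '%_\\');
}

// Constructed sample inputs.
$item   = "Zak's laptop";
$search = "100%_off";

// The quote is neutralised, as in the page's own example.
printf("Escaped string: %s\n", model_escape($item));

// String escaping alone leaves the wildcards active: inside the pattern,
// % still matches any run of characters and _ any single character.
printf("LIKE '%s%%'\n", model_escape($search));

// LIKE-escape first, then string-escape, so the user's % and _ are matched
// literally and only the trailing % added by the query is a wildcard.
printf("LIKE '%s%%'\n", model_escape(escape_like($search)));
```

In current PHP the same order applies with mysqli_real_escape_string() as the second step. With a bound parameter in a prepared statement the string-escaping step disappears, but the LIKE-escaping step is still needed.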