The mysql_real_escape_string function is used to escape special characters in a string. This is done while that string is used as parameter of a MySQL statement.
(PHP 4 and above)
|connection||The MySQL connection. Before performing any operation on a MySQL database, it is required to set a connection to the mysql database you want to work with. And this is done by mysql_connect() function. This function takes three parameters, name of the host, username with which you want to perform tasks with the mysql database in question, and password of that user. As soon as a successful connection is established, you can perform the operations on that mysql database. In case, no such connection is found, it will try to create one without any arguments, i.e. mysql_connect() without any parameters. If it fails to connect to a mysql database, it will generate a warning (E_WARNING) but not an error.||Optional||Resource|
Returns the escaped string, or FALSE on error.
Value Type : String..
<?php $con = mysql_connect("localhost", "root", "mypass"); $selectdb = mysql_select_db("tutorials"); ?>*/ <form name="w3rform" method="POST" action="example-mysql-real-escape-string.php"> Input a topic :<input type="text" name="topic" /> <input type="submit" name="submit" value="SUbmit" /> </form> <?php $topic = mysql_real_escape_string($_POST['topic']); $sql = mysql_query(select no_of_pages,no_of_examples,author from tutorials where name = '$topic'); $result = mysql_query($sql); $row = mysql_fetch_array($result); echo "No of pages, no of examples and author for ".$topic."are : <br />"; echo $row['no_of_pages'].",".$row['no_of_examples'].",".$row['author']; mysql_close($con); ?>