PHP mysqli: real_escape_string() function
mysqli_real_escape_string() function / mysqli::real_escape_string
The mysqli_real_escape_string() function / mysqli::real_escape_string escapes special characters in a string for use in an SQL statement.
Syntax:
Object oriented style
string mysqli::escape_string ( string $escapestr )
string mysqli::real_escape_string ( string $escapestr )
Procedural style
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
Parameter:
Name | Description | Required/Optional |
---|---|---|
link | A link identifier returned by mysqli_connect() or mysqli_init() | Required for procedural style only and Optional for Object oriented style |
escapestr | The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z. | Required |
Usage: Procedural style
mysqli_real_escape_string(connection,escapestring);
Parameter:
Name | Description | Required/Optional |
---|---|---|
connection | Specifies the MySQL connection to use | Required |
escapestring | The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z. | Required |
Return value:
Returns an escaped string.
Version: PHP 5, PHP 7
Example of object oriented style:
<?php
$mysqli = new mysqli("localhost", "user1", "datasoft123", "hr");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
/* the value contains a single quote, which ends the SQL string literal early */
$city = "'s Hertogenbosch";
/* this query will fail, because we didn't escape $city */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", $mysqli->sqlstate);
}
$city = $mysqli->real_escape_string($city);
/* this query with escaped $city will work */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli->affected_rows);
}
$mysqli->close();
?>
Example of procedural style:
<?php
$link = mysqli_connect("localhost", "user1", "datasoft123", "hr");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
/* the value contains a single quote, which ends the SQL string literal early */
$city = "'s Hertogenbosch";
/* this query will fail, because we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}
$city = mysqli_real_escape_string($link, $city);
/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
}
mysqli_close($link);
?>
Output:
Error: 42000
1 Row inserted.
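The escaped string is only safe when it is placed inside quotes in the SQL text and when the connection character set was set before escaping; a prepared statement removes both conditions. The following is an added example, not code from the original page: it assumes the same server, account and hr database as the examples above, and the temporary table layout and sample values are constructed for illustration.

```php
<?php
// Added example (not from the original page). Assumes the server, account
// and `hr` database used in the examples above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure

$mysqli = new mysqli("localhost", "user1", "datasoft123", "hr");
// Escaping depends on the connection character set, so set it first.
$mysqli->set_charset("utf8mb4");
$mysqli->query(
    "CREATE TEMPORARY TABLE myCity (
        Id INT AUTO_INCREMENT PRIMARY KEY,
        Name VARCHAR(64)
    )"
);

$city = "'s Hertogenbosch"; // constructed sample value containing a quote

// 1. Escaped value: must be placed inside '...' in the SQL text.
$escaped = $mysqli->real_escape_string($city);
$mysqli->query("INSERT INTO myCity (Name) VALUES ('$escaped')");

// 2. Prepared statement: the value travels separately from the SQL text,
//    so it needs neither escaping nor quoting.
$stmt = $mysqli->prepare("INSERT INTO myCity (Name) VALUES (?)");
$stmt->bind_param("s", $city);
$stmt->execute();
$stmt->close();

// 3. Numeric input: escaping does not help for unquoted values, so
//    validate the type and bind it as an integer.
$rawId = "2"; // constructed sample input
$id = filter_var($rawId, FILTER_VALIDATE_INT);
if ($id === false) {
    exit("Invalid id\n");
}
$stmt = $mysqli->prepare("SELECT Name FROM myCity WHERE Id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($name);
while ($stmt->fetch()) {
    // The stored value is the original string; the escape backslash is not stored.
    printf("Id %d: %s (matches input: %s)\n", $id, $name, $name === $city ? "yes" : "no");
}
$stmt->close();
$mysqli->close();
```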