The mysqli_real_escape_string() function escapes special characters in a string for an SQL statement.
PHP mysqli_real_escape_string() Function has the following syntax.
mysqli_real_escape_string(connection,escapestring);| Parameter | Is Required | Description |
|---|---|---|
| connection | Required. | MySQL connection |
| escapestring | Required. | The not escaped string. |
It returns the escaped string.
Escape special characters in a string for an SQL statement
<?php//w w w. jav a 2 s .c o m
$con=mysqli_connect("localhost","my_user","my_password","my_db");
if (mysqli_connect_errno($con)){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$myName="Jr's";
$myName=mysqli_real_escape_string($con,$myName);
mysqli_query($con,"INSERT into emp (name) VALUES ('$myName')");
mysqli_close($con);
?>