- 3.9 The mysqli class (mysqli)
- 3.9.1 mysqli::$affected_rows, mysqli_affected_rows
- 3.9.2 mysqli::autocommit, mysqli_autocommit
- 3.9.3 mysqli::begin_transaction, mysqli_begin_transaction
- 3.9.4 mysqli::change_user, mysqli_change_user
- 3.9.5 mysqli::character_set_name, mysqli_character_set_name
- 3.9.6 mysqli::$client_info, mysqli_get_client_info
- 3.9.7 mysqli::$client_version, mysqli_get_client_version
- 3.9.8 mysqli::close, mysqli_close
- 3.9.9 mysqli::commit, mysqli_commit
- 3.9.10 mysqli::$connect_errno, mysqli_connect_errno
- 3.9.11 mysqli::$connect_error, mysqli_connect_error
- 3.9.12 mysqli::__construct, mysqli_connect
- 3.9.13 mysqli::debug, mysqli_debug
- 3.9.14 mysqli::dump_debug_info, mysqli_dump_debug_info
- 3.9.15 mysqli::$errno, mysqli_errno
- 3.9.16 mysqli::$error_list, mysqli_error_list
- 3.9.17 mysqli::$error, mysqli_error
- 3.9.18 mysqli::$field_count, mysqli_field_count
- 3.9.19 mysqli::get_charset, mysqli_get_charset
- 3.9.20 mysqli::get_client_info, mysqli_get_client_info
- 3.9.21 mysqli_get_client_stats
- 3.9.22 mysqli_get_client_version, mysqli::$client_version
- 3.9.23 mysqli::get_connection_stats, mysqli_get_connection_stats
- 3.9.24 mysqli::$host_info, mysqli_get_host_info
- 3.9.25 mysqli::$protocol_version, mysqli_get_proto_info
- 3.9.26 mysqli::$server_info, mysqli_get_server_info
- 3.9.27 mysqli::$server_version, mysqli_get_server_version
- 3.9.28 mysqli::get_warnings, mysqli_get_warnings
- 3.9.29 mysqli::$info, mysqli_info
- 3.9.30 mysqli::init, mysqli_init
- 3.9.31 mysqli::$insert_id, mysqli_insert_id
- 3.9.32 mysqli::kill, mysqli_kill
- 3.9.33 mysqli::more_results, mysqli_more_results
- 3.9.34 mysqli::multi_query, mysqli_multi_query
- 3.9.35 mysqli::next_result, mysqli_next_result
- 3.9.36 mysqli::options, mysqli_options
- 3.9.37 mysqli::ping, mysqli_ping
- 3.9.38 mysqli::poll, mysqli_poll
- 3.9.39 mysqli::prepare, mysqli_prepare
- 3.9.40 mysqli::query, mysqli_query
- 3.9.41 mysqli::real_connect, mysqli_real_connect
- 3.9.42 mysqli::real_escape_string, mysqli_real_escape_string
- 3.9.43 mysqli::real_query, mysqli_real_query
- 3.9.44 mysqli::reap_async_query, mysqli_reap_async_query
- 3.9.45 mysqli::refresh, mysqli_refresh
- 3.9.46 mysqli::release_savepoint, mysqli_release_savepoint
- 3.9.47 mysqli::rollback, mysqli_rollback
- 3.9.48 mysqli::rpl_query_type, mysqli_rpl_query_type
- 3.9.49 mysqli::savepoint, mysqli_savepoint
- 3.9.50 mysqli::select_db, mysqli_select_db
- 3.9.51 mysqli::send_query, mysqli_send_query
- 3.9.52 mysqli::set_charset, mysqli_set_charset
- 3.9.53 mysqli::set_local_infile_default, mysqli_set_local_infile_default
- 3.9.54 mysqli::set_local_infile_handler, mysqli_set_local_infile_handler
- 3.9.55 mysqli::$sqlstate, mysqli_sqlstate
- 3.9.56 mysqli::ssl_set, mysqli_ssl_set
- 3.9.57 mysqli::stat, mysqli_stat
- 3.9.58 mysqli::stmt_init, mysqli_stmt_init
- 3.9.59 mysqli::store_result, mysqli_store_result
- 3.9.60 mysqli::$thread_id, mysqli_thread_id
- 3.9.61 mysqli::thread_safe, mysqli_thread_safe
- 3.9.62 mysqli::use_result, mysqli_use_result
- 3.9.63 mysqli::$warning_count, mysqli_warning_count
Copyright 1997-2012 the PHP Documentation Group.
mysqli::real_escape_stringmysqli_real_escape_stringEscapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
Description
Object oriented style
string mysqli::escape_string(string escapestr);string mysqli::real_escape_string(string escapestr);Procedural style
string mysqli_real_escape_string(mysqli link,
string escapestr);This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.
The character set must be set either at the server level, or
with the API function
mysqli_set_charset
for it to affect
mysqli_real_escape_string.
See the concepts section on
character
sets for more information.
Parameters
-
link Procedural style only: A link identifier returned by
mysqli_connectormysqli_init-
escapestr The string to be escaped.
Characters encoded are
NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.
Return Values
Returns an escaped string.
Examples
Example 3.63. mysqli::real_escape_string
example
Object oriented style
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", $mysqli->sqlstate);
}
$city = $mysqli->real_escape_string($city);
/* this query with escaped $city will work */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", $mysqli->affected_rows);
}
$mysqli->close();
?>
Procedural style
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", mysqli_sqlstate($link));
}
$city = mysqli_real_escape_string($link, $city);
/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", mysqli_affected_rows($link));
}
mysqli_close($link);
?>
The above examples will output:
Error: 42000 1 Row inserted.
Notes
For those accustomed to using
mysql_real_escape_string,
note that the arguments of
mysqli_real_escape_string
differ from what
mysql_real_escape_string
expects. The link identifier comes
first in
mysqli_real_escape_string,
whereas the string to be escaped comes first in
mysql_real_escape_string.
See Also
mysqli_set_charset
|
mysqli_character_set_name
|
User Comments
Add your own comment.