Source of: /manual/en/function.mysql-escape-string.php
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
$TOC = array();
$PARENTS = array();
include_once dirname(__FILE__) ."/toc/ref.mysql.inc";
$setup = array (
'home' =>
array (
0 => 'index.php',
1 => 'PHP Manual',
),
'head' =>
array (
0 => 'UTF-8',
1 => 'en',
),
'this' =>
array (
0 => 'function.mysql-escape-string.php',
1 => 'mysql_escape_string',
),
'up' =>
array (
0 => 'ref.mysql.php',
1 => 'MySQL Functions',
),
'prev' =>
array (
0 => 'function.mysql-error.php',
1 => 'mysql_error',
),
'next' =>
array (
0 => 'function.mysql-fetch-array.php',
1 => 'mysql_fetch_array',
),
);
$setup["toc"] = $TOC;
$setup["parents"] = $PARENTS;
manual_setup($setup);
manual_header();
?>
<div id="function.mysql-escape-string" class="refentry">
<div class="refnamediv">
<h1 class="refname">mysql_escape_string</h1>
<p class="verinfo">(PHP 4 >= 4.0.3, PHP 5)</p><p class="refpurpose"><span class="refname">mysql_escape_string</span> — <span class="dc-title">Escapes a string for use in a mysql_query</span></p>
</div>
<a name="function.mysql-escape-string.description"></a><div class="refsect1 description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">string</span> <span class="methodname"><b>mysql_escape_string</b></span>
( <span class="methodparam"><span class="type">string</span> <tt class="parameter">$unescaped_string</tt></span>
)</div>
<p class="para rdfs-comment">
This function will escape the <i><tt class="parameter">unescaped_string</tt></i>
,
so that it is safe to place it in a <a href="function.mysql-query.php" class="function">mysql_query()</a>.
This function is deprecated.
</p>
<p class="para">
This function is identical to <a href="function.mysql-real-escape-string.php" class="function">mysql_real_escape_string()</a>
except that <a href="function.mysql-real-escape-string.php" class="function">mysql_real_escape_string()</a> takes a
connection handler and escapes the string according to the current
character set. <b>mysql_escape_string()</b> does not take a
connection argument and does not respect the current charset setting.
</p>
<div class="warning"><b class="warning">Warning</b><p class="simpara">This function has been
<em class="emphasis">DEPRECATED</em> as of PHP 5.3.0 and <em class="emphasis">REMOVED</em>
as of PHP 6.0.0. Relying on this feature is highly discouraged.</p></div>
</div>
<a name="function.mysql-escape-string.parameters"></a><div class="refsect1 parameters">
<h3 class="title">Parameters</h3>
<p class="para">
</p><dl>
<dt class="varlistentry">
<span class="term"><i><tt class="parameter">unescaped_string</tt></i>
</span>
</dt><dd class="listitem">
<p class="para">
The string that is to be escaped.
</p>
</dd>
</dl>
<p>
</p>
</div>
<a name="function.mysql-escape-string.returnvalues"></a><div class="refsect1 returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
Returns the escaped string.
</p>
</div>
<a name="function.mysql-escape-string.changelog"></a><div class="refsect1 changelog">
<h3 class="title">Changelog</h3>
<p class="para">
</p><table class="doctable informaltable">
<thead valign="middle">
<tr valign="middle">
<th>Version</th>
<th>Description</th>
</tr>
</thead>
<tbody valign="middle" class="tbody">
<tr valign="middle">
<td align="left">5.3.0</td>
<td align="left">
This function now throws an E_DEPRECATED notice.
</td>
</tr>
<tr valign="middle">
<td align="left">4.3.0</td>
<td align="left">
This function became deprecated, do not use this function. Instead,
use <a href="function.mysql-real-escape-string.php" class="function">mysql_real_escape_string()</a>.
</td>
</tr>
</tbody>
</table>
<p>
</p>
</div>
<a name="function.mysql-escape-string.examples"></a><div class="refsect1 examples">
<h3 class="title">Examples</h3>
<p class="para">
</p><div class="example">
<p><b>Example #1 <b>mysql_escape_string()</b> example</b></p>
<div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />$item </span><span style="color: #007700">= </span><span style="color: #DD0000">"Zak's Laptop"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$escaped_item </span><span style="color: #007700">= </span><span style="color: #0000BB">mysql_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$item</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Escaped string: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$escaped_item</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span>
</span>
</code></div>
</div>
<div class="example-contents para"><p>The above example will output:</p></div>
<div class="example-contents screen">
<div class="cdata"><pre>
Escaped string: Zak\'s Laptop
</pre></div>
</div>
</div><p>
</p>
</div>
<a name="function.mysql-escape-string.notes"></a><div class="refsect1 notes">
<h3 class="title">Notes</h3>
<blockquote><p><b class="note">Note</b>:
<b>mysql_escape_string()</b> does not escape
<i>%</i> and <i>_</i>.
<br />
</p></blockquote>
</div>
<a name="function.mysql-escape-string.seealso"></a><div class="refsect1 seealso">
<h3 class="title">See Also</h3>
<p class="para">
</p><ul class="simplelist">
<li class="member"><a href="function.mysql-real-escape-string.php" class="function" rel="rdfs-seeAlso">mysql_real_escape_string()</a> - Escapes special characters in a string for use in a SQL statement</li>
<li class="member"><a href="function.addslashes.php" class="function" rel="rdfs-seeAlso">addslashes()</a> - Quote string with slashes</li>
<li class="member">The <a href="info.configuration.php#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a> directive.</li>
</ul><p>
</p>
</div>
</div><?php manual_footer(); ?>
