Our source is open

The syntax highlighted source is automatically generated by PHP from the plaintext script. If you're interested in what's behind the several functions we used, you can always take a look at the source of the following files:

Of course, if you want to see the source of this page, we have it available. You can also browse the Git repository for this website on git.php.net.

Source of: /manual/pt_BR/mysqli.real-escape-string.php

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
$TOC = array();
$PARENTS = array();
include_once dirname(__FILE__) . "/toc/class.mysqli.inc";
$setup = array(
  'home' => array(
    0 => 'index.php',
    1 => 'PHP Manual',
  ),
  'head' => array(
    0 => 'UTF-8',
    1 => 'pt_BR',
  ),
  'this' => array(
    0 => 'mysqli.real-escape-string.php',
    1 => 'mysqli::real_escape_string',
  ),
  'up' => array(
    0 => 'class.mysqli.php',
    1 => 'MySQLi',
  ),
  'prev' => array(
    0 => 'mysqli.real-connect.php',
    1 => 'mysqli::real_connect',
  ),
  'next' => array(
    0 => 'mysqli.real-query.php',
    1 => 'mysqli::real_query',
  ),
  'alternatives' => array(
  ),
);
$setup["toc"] = $TOC;
$setup["parents"] = $PARENTS;
manual_setup($setup);

manual_header();
?>
<div id="mysqli.real-escape-string" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">mysqli::real_escape_string</h1>
  <h1 class="refname">mysqli_real_escape_string</h1>
  <p class="verinfo">(PHP 5)</p><p class="refpurpose"><span class="refname">mysqli::real_escape_string</span> -- <span class="refname">mysqli_real_escape_string</span> &mdash; <span class="dc-title">Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection</span></p>

 </div>

 <div class="refsect1 description" id="refsect1-mysqli.real-escape-string-description">
  <h3 class="title">Description</h3>
  <p class="para">Object oriented style</p>
  <div class="methodsynopsis dc-description">
   <span class="type">string</span> <span class="methodname"><a href="function.mysqli-escape-string.php" class="methodname">mysqli::escape_string</a></span>
    ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$escapestr</code></span>
   )</div>

  <div class="methodsynopsis dc-description">
   <span class="type">string</span> <span class="methodname"><strong>mysqli::real_escape_string</strong></span>
    ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$escapestr</code></span>
   )</div>

  <p class="para rdfs-comment">Procedural style</p>
  <div class="methodsynopsis dc-description">
   <span class="type">string</span> <span class="methodname"><strong>mysqli_real_escape_string</strong></span>
    ( <span class="methodparam"><span class="type"><a href="class.mysqli.php" class="type mysqli">mysqli</a></span> <code class="parameter">$link</code></span>
   , <span class="methodparam"><span class="type">string</span> <code class="parameter">$escapestr</code></span>
   )</div>

  <p class="para rdfs-comment">
   This function is used to create a legal SQL string that you can use in an
   SQL statement. The given string is encoded to an escaped SQL string,
   taking into account the current character set of the connection.
  </p>
  <div class="caution"><strong class="caution">Caution</strong>
   <h1 class="title">Security: the default character set</h1>
   <p class="para">
    The character set must be set either at the server level, or with
    the API function  <span class="function"><a href="mysqli.set-charset.php" class="function">mysqli_set_charset()</a></span> for it to affect
     <span class="function"><strong>mysqli_real_escape_string()</strong></span>. See the concepts section
    on <a href="mysqlinfo.concepts.charset.php" class="link">character sets</a> for
    more information.
   </p>
  </div>
 </div>


 <div class="refsect1 parameters" id="refsect1-mysqli.real-escape-string-parameters">
  <h3 class="title">Parameters</h3>
  <p class="para">
   <dl>

    <dt>

     <span class="term"><em><code class="parameter">link</code></em></span>
     <dd>

      <p class="para">
       Procedural style only: A link identifier
       returned by  <span class="function"><a href="function.mysqli-connect.php" class="function">mysqli_connect()</a></span> or  <span class="function"><a href="mysqli.init.php" class="function">mysqli_init()</a></span>
      </p>
     </dd>

    </dt>

    <dt>

     <span class="term"><em><code class="parameter">escapestr</code></em></span>
     <dd>

      <p class="para">
       The string to be escaped.
      </p>
      <p class="para">
       Characters encoded are <em>NUL (ASCII 0), \n, \r, \, &#039;, &quot;, and
       Control-Z</em>.
      </p>
     </dd>

    </dt>

   </dl>

  </p>
 </div>


 <div class="refsect1 returnvalues" id="refsect1-mysqli.real-escape-string-returnvalues">
  <h3 class="title">Return Values</h3>
  <p class="para">
   Returns an escaped string.
  </p>
 </div>


 <div class="refsect1 examples" id="refsect1-mysqli.real-escape-string-examples">
  <h3 class="title">Examples</h3>
  <div class="example" id="example-1529">
   <p><strong>Example #1  <span class="methodname"><strong>mysqli::real_escape_string()</strong></span> example</strong></p>
   <div class="example-contents"><p>Object oriented style</p></div>
   <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$mysqli&nbsp;</span><span style="color: #007700">=&nbsp;new&nbsp;</span><span style="color: #0000BB">mysqli</span><span style="color: #007700">(</span><span style="color: #DD0000">"localhost"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"my_user"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"my_password"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"world"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;check&nbsp;connection&nbsp;*/<br /></span><span style="color: #007700">if&nbsp;(</span><span style="color: #0000BB">mysqli_connect_errno</span><span style="color: #007700">())&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Connect&nbsp;failed:&nbsp;%s\n"</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">mysqli_connect_error</span><span style="color: #007700">());<br />&nbsp;&nbsp;&nbsp;&nbsp;exit();<br />}<br /><br /></span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"CREATE&nbsp;TEMPORARY&nbsp;TABLE&nbsp;myCity&nbsp;LIKE&nbsp;City"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$city&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"'s&nbsp;Hertogenbosch"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">/*&nbsp;this&nbsp;query&nbsp;will&nbsp;fail,&nbsp;cause&nbsp;we&nbsp;didn't&nbsp;escape&nbsp;$city&nbsp;*/<br /></span><span style="color: #007700">if&nbsp;(!</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">query</span><span 
style="color: #007700">(</span><span style="color: #DD0000">"INSERT&nbsp;into&nbsp;myCity&nbsp;(Name)&nbsp;VALUES&nbsp;('</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">')"</span><span style="color: #007700">))&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Error:&nbsp;%s\n"</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">sqlstate</span><span style="color: #007700">);<br />}<br /><br /></span><span style="color: #0000BB">$city&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$city</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;this&nbsp;query&nbsp;with&nbsp;escaped&nbsp;$city&nbsp;will&nbsp;work&nbsp;*/<br /></span><span style="color: #007700">if&nbsp;(</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"INSERT&nbsp;into&nbsp;myCity&nbsp;(Name)&nbsp;VALUES&nbsp;('</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">')"</span><span style="color: #007700">))&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"%d&nbsp;Row&nbsp;inserted.\n"</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">affected_rows</span><span style="color: #007700">);<br />}<br /><br /></span><span style="color: 
#0000BB">$mysqli</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">close</span><span style="color: #007700">();<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
   </div>

   <div class="example-contents"><p>Procedural style</p></div>
   <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$link&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">mysqli_connect</span><span style="color: #007700">(</span><span style="color: #DD0000">"localhost"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"my_user"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"my_password"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"world"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;check&nbsp;connection&nbsp;*/<br /></span><span style="color: #007700">if&nbsp;(</span><span style="color: #0000BB">mysqli_connect_errno</span><span style="color: #007700">())&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Connect&nbsp;failed:&nbsp;%s\n"</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">mysqli_connect_error</span><span style="color: #007700">());<br />&nbsp;&nbsp;&nbsp;&nbsp;exit();<br />}<br /><br /></span><span style="color: #0000BB">mysqli_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"CREATE&nbsp;TEMPORARY&nbsp;TABLE&nbsp;myCity&nbsp;LIKE&nbsp;City"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$city&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"'s&nbsp;Hertogenbosch"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">/*&nbsp;this&nbsp;query&nbsp;will&nbsp;fail,&nbsp;cause&nbsp;we&nbsp;didn't&nbsp;escape&nbsp;$city&nbsp;*/<br /></span><span style="color: #007700">if&nbsp;(!</span><span style="color: #0000BB">mysqli_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span 
style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"INSERT&nbsp;into&nbsp;myCity&nbsp;(Name)&nbsp;VALUES&nbsp;('</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">')"</span><span style="color: #007700">))&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Error:&nbsp;%s\n"</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">mysqli_sqlstate</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">));<br />}<br /><br /></span><span style="color: #0000BB">$city&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">mysqli_real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$city</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;this&nbsp;query&nbsp;with&nbsp;escaped&nbsp;$city&nbsp;will&nbsp;work&nbsp;*/<br /></span><span style="color: #007700">if&nbsp;(</span><span style="color: #0000BB">mysqli_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"INSERT&nbsp;into&nbsp;myCity&nbsp;(Name)&nbsp;VALUES&nbsp;('</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">')"</span><span style="color: #007700">))&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"%d&nbsp;Row&nbsp;inserted.\n"</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">mysqli_affected_rows</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">));<br />}<br /><br /></span><span 
style="color: #0000BB">mysqli_close</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
   </div>

   <div class="example-contents"><p>The above examples will output:</p></div>
   <div class="example-contents screen">
<div class="cdata"><pre>
Error: 42000
1 Row inserted.
</pre></div>
   </div>
  </div>
 </div>
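
<p class="para">The charset caution above, worked through as an added example (not part of the PHP manual): the connection charset is set through the API before escaping, and the same insert is repeated with a prepared statement. Connection details and the myCity/City tables come from Example #1; the choice of <code>utf8mb4</code> is an assumption.</p>

```php
<?php
// Added example, not part of the PHP manual. Connection details and the
// myCity/City tables are taken from Example #1; "utf8mb4" is an assumed
// charset choice.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

// Set the charset through the API, before any escaping. A "SET NAMES" query
// changes the server side only; the client library that performs the
// escaping would not learn about it.
$mysqli->set_charset("utf8mb4");
if ($mysqli->character_set_name() !== "utf8mb4") {
    throw new RuntimeException("unexpected connection charset");
}

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";

// Option 1: escape, then place the result inside a quoted string literal.
// The escaping covers string context only; an unquoted use is not protected.
$escaped = $mysqli->real_escape_string($city);
$mysqli->query("INSERT INTO myCity (Name) VALUES ('$escaped')");
printf("%d row inserted with escaping.\n", $mysqli->affected_rows);

// Option 2: a prepared statement sends the value separately from the SQL
// text, so no escaping is involved.
$stmt = $mysqli->prepare("INSERT INTO myCity (Name) VALUES (?)");
$stmt->bind_param("s", $city);
$stmt->execute();
printf("%d row inserted with a prepared statement.\n", $stmt->affected_rows);

$stmt->close();
$mysqli->close();
```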


 <div class="refsect1 notes" id="refsect1-mysqli.real-escape-string-notes">
  <h3 class="title">Notes</h3>
  <blockquote class="note"><p><strong class="note">Note</strong>:
   <p class="para">
    For those accustomed to using  <span class="function"><a href="function.mysql-real-escape-string.php" class="function">mysql_real_escape_string()</a></span>,
    note that the arguments of  <span class="function"><strong>mysqli_real_escape_string()</strong></span>
    differ from what  <span class="function"><a href="function.mysql-real-escape-string.php" class="function">mysql_real_escape_string()</a></span> expects.
    The <em><code class="parameter">link</code></em> identifier comes first in
     <span class="function"><strong>mysqli_real_escape_string()</strong></span>, whereas the string to be escaped
    comes first in  <span class="function"><a href="function.mysql-real-escape-string.php" class="function">mysql_real_escape_string()</a></span>.
   </p>
  </p></blockquote>
 </div>


 <div class="refsect1 seealso" id="refsect1-mysqli.real-escape-string-seealso">
  <h3 class="title">See Also</h3>
  <p class="para">
   <ul class="simplelist">
    <li class="member"> <span class="function"><a href="mysqli.set-charset.php" class="function" rel="rdfs-seeAlso">mysqli_set_charset()</a> - Sets the default client character set</span></li>
    <li class="member"> <span class="function"><a href="mysqli.character-set-name.php" class="function" rel="rdfs-seeAlso">mysqli_character_set_name()</a> - Returns the default character set for the database connection</span></li>
   </ul>
  </p>
 </div>


</div><?php manual_footer(); ?>
 