PHP mysqli_real_escape_string() Function

Example

Escape special characters in a string:

<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('$firstname', '$lastname', '$age')";

if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);
?>

Definition and Usage

The mysqli_real_escape_string() function escapes special characters in a string for use in an SQL statement.

Syntax

mysqli_real_escape_string(connection,escapestring);

Parameter	Description
connection	Required. Specifies the MySQL connection to use
escapestring	Required. The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

Technical Details

Return Value:	Returns the escaped string
PHP Version:	5+

PHP MySQLi Reference

PHP Tutorial

PHP Forms

PHP Advanced

MySQL Database

PHP - XML

PHP - AJAX

PHP Examples

PHP Reference

PHP mysqli_real_escape_string() Function

Example

Definition and Usage

Syntax

Technical Details

W3SCHOOLS EXAMS

COLOR PICKER

LEARN MORE:

SHARE THIS PAGE

Your Suggestion:

Thank You For Helping Us!

Top 10 Tutorials

Top 10 References

Top 10 Examples

Web Certificates

HTML/CSS

JavaScript

HTML Graphics

Server Side

Web Building

XML Tutorials

HTML

CSS

JavaScript

Server Side

XML

Charsets

HTML/CSS

JavaScript

Server Side

XML