Page 1 of 1

mm what is .....

Posted: Thu Jan 30, 2003 1:49 am
by forgun
what this function:

Code: Select all

mysql_escape_string()
i try to understand but i still not sure what this do
:lol:

Posted: Thu Jan 30, 2003 1:59 am
by evilcoder
Designed to stop errors in mysql_query:

Eg:

you have a variable called $Entry, and its value is = "Dave's Stuff"

Now if you were to put that into a mysql_query like:

mysql_query( INSERT INTO table ( entry ) VALUES ( '$Entry' ) )

you would get an error in your syntax because the variables has a ' in it, so mysql_query would read it as

mysql_query( INSERT INTO table ( entry ) VALUES ( 'Dave's Stuff' ) )

See the problem?

Hense mysql_escape_string() is similar to addslashes()

Using mysql_escape_string() can be done like this:

$Entry = "Dave's Stuff";
$Escaped = mysql_escape_string( $Entry );
mysql_query( INSERT INTO table ( entry ) VALUES ( '$Escaped' ) )

Hope this helps.