5.5.12 mysql_escape_string

Copyright 1997-2014 the PHP Documentation Group.

Warning

This function was deprecated in PHP 4.3.0, and will be removed in the future, along with the entirety of the original MySQL extension. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

mysqli_escape_string
PDO::quote

Description

string mysql_escape_string(string unescaped_string);

This function will escape the unescaped_string, so that it is safe to place it in a mysql_query. This function is deprecated.

This function is identical to mysql_real_escape_string except that mysql_real_escape_string takes a connection handler and escapes the string according to the current character set. mysql_escape_string does not take a connection argument and does not respect the current charset setting.

Parameters

unescaped_string

The string that is to be escaped.

Return Values

Returns the escaped string.

Changelog

VersionDescription
5.3.0This function now throws an E_DEPRECATED notice.
4.3.0This function became deprecated, do not use this function. Instead, use mysql_real_escape_string.

Examples

Example 5.16 mysql_escape_string example


<?php
$item = "Zak's Laptop";
$escaped_item = mysql_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
?>

    

The above example will output:


Escaped string: Zak\'s Laptop

    


Notes

Note

mysql_escape_string does not escape % and _.

See Also

mysql_real_escape_string
addslashes
The magic_quotes_gpc directive.