mysql_real_escape_string
PHP 4 >= 4.3.0, PHP 5
mysql_real_escape_string - Escapes special characters in a string for use in an SQL statement
Code Examples
Example #1 mysql_real_escape_string requires a connection example
Result: Warning: mysql_real_escape_string(): No such file or directory in /this/test/script.php on line 5
Warning: mysql_real_escape_string(): A link to the server could not be established in /this/test/script.php on line 5
bool(false)
string(41) "SELECT * FROM actors WHERE last_name = ''"
Example #2 An example SQL Injection Attack
Result: SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''