mysql_real_escape_string

PHP 4 >= 4.3.0, PHP 5
mysql_real_escape_string - Escapes special characters in a string for use in an SQL statement
Manual
Code Examples

Example #1 mysql_real_escape_string requires a connection example

Result: Warning: mysql_real_escape_string(): No such file or directory in /this/test/script.php on line 5 Warning: mysql_real_escape_string(): A link to the server could not be established in /this/test/script.php on line 5 bool(false) string(41) "SELECT * FROM actors WHERE last_name = ''"
PHP Version:

Example #2 An example SQL Injection Attack

Result: SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
PHP Version:

Example #3 Simple mysql_real_escape_string example

PHP Version: