CascadiaPHP 2024

mysql_escape_string

(PHP 4 >= 4.0.3, PHP 5)

mysql_escape_stringEscapes a string for use in a mysql_query

Avviso

This function was deprecated in PHP 4.3.0, and it and the entire original MySQL extension was removed in PHP 7.0.0. Instead, use either the actively developed MySQLi or PDO_MySQL extensions. See also the MySQL: choosing an API guide. Alternatives to this function include:

Descrizione

mysql_escape_string(string $unescaped_string): string

This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.

Elenco dei parametri

unescaped_string

The string that is to be escaped.

Valori restituiti

Returns the escaped string.

Esempi

Example #1 mysql_escape_string() example

<?php
$item
= "Zak's Laptop";
$escaped_item = mysql_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
?>

Il precedente esempio visualizzerà:

Escaped string: Zak\'s Laptop

Note

Nota:

mysql_escape_string() does not escape % and _.

Vedere anche:

add a note

User Contributed Notes 1 note

up
7
PHPguru
9 years ago
You can use this function safely with your MySQL database queries if and only if you are sure that your database connection is using ASCII, UTF-8, or ISO-8859-* and that the backslash is your database's escape character. If you're not sure, then use mysqli_real_escape_string instead. This function is not safe to use on databases with multi-byte character sets.

The only benefit of this function is that it does not require a database connection.
To Top