(PHP 4 >= 4.0.3, PHP 5)

mysql_escape_stringEscapes a string for use in a mysql_query


PHP 4.3.0 itibariyle bu işlevin kullanımı önerilmemekte olup bu işlev ve özgün MySQL eklentisinin tamamı PHP 7.0.0 itibariyle kaldırılmıştır. Yerine, etkin olarak geliştirilmekte olan MySQLi veya PDO_MySQL extensions kullanılabilir. Ek bilgi: MySQL: Bir API Seçimi Bu işlev yerine kullanılabilecekler:


mysql_escape_string ( string $unescaped_string ) : string

This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.



The string that is to be escaped.

Dönen Değerler

Returns the escaped string.


Örnek 1 mysql_escape_string() example

"Zak's Laptop";
$escaped_item mysql_escape_string($item);
printf("Escaped string: %s\n"$escaped_item);

Yukarıdaki örneğin çıktısı:

Escaped string: Zak\'s Laptop



mysql_escape_string() does not escape % and _.

Ayrıca Bakınız

add a note add a note

User Contributed Notes 2 notes

6 years ago
You can use this function safely with your MySQL database queries if and only if you are sure that your database connection is using ASCII, UTF-8, or ISO-8859-* and that the backslash is your database's escape character. If you're not sure, then use mysqli_real_escape_string instead. This function is not safe to use on databases with multi-byte character sets.

The only benefit of this function is that it does not require a database connection.
s dot marechal at jejik dot com
10 years ago
The exact characters that are escaped by this function are the null byte (0), newline (\n), carriage return (\r), backslash (\), single quote ('), double quote (") and substiture (SUB, or \032).
To Top