maxdb->real_escape_string --
Escapes special characters in a string for use in a SQL statement,
taking into account the current charset of the connection
class maxdb { string real_escape_string ( string escapestr ) }
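This function is used to create a legal SQL string that you can use in a SQL statement.
The string escapestr is encoded to an escaped SQL string, taking into
account the current character set of the connection.
The escaped value is only safe when it is placed inside a quoted string literal, as in the examples below; escaping does not protect values used unquoted, such as numbers or identifiers.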
/* Create temp.mycity with the same definition as hotel.city. */
$maxdb->query("CREATE TABLE temp.mycity LIKE hotel.city");

/* Sample value that begins with an apostrophe. */
$city = "'s Hertogenbosch";

/*
 * Unescaped insert: the apostrophe in $city ends the quoted SQL literal
 * early, so the statement is rejected and the SQLSTATE is printed.
 * With untrusted input this same pattern is a SQL injection flaw.
 */
$inserted = $maxdb->query("INSERT into temp.mycity VALUES ('11111','$city','NY')");
if (!$inserted) {
    printf("Error: %s\n", $maxdb->sqlstate);
}

/*
 * Escaped insert: real_escape_string() encodes the value for the
 * connection's character set, so it stays inside the quoted literal.
 * The surrounding quotes in the SQL text are still required; for
 * untrusted input a prepared statement with bound parameters
 * (prepare / bind_param) avoids building the SQL string at all.
 */
$city = $maxdb->real_escape_string($city);
$inserted = $maxdb->query("INSERT into temp.mycity VALUES ('22222','$city','NY')");
if ($inserted) {
    printf("%d Row inserted.\n", $maxdb->affected_rows);
}
/* Create temp.mycity with the same definition as hotel.city. */
maxdb_query($link, "CREATE TABLE temp.mycity LIKE hotel.city");

/* Sample value that begins with an apostrophe. */
$city = "'s Hertogenbosch";

/*
 * Unescaped insert: the apostrophe in $city ends the quoted SQL literal
 * early, so the statement is rejected and the SQLSTATE is printed.
 * With untrusted input this same pattern is a SQL injection flaw.
 */
$inserted = maxdb_query($link, "INSERT into temp.mycity VALUES ('11111','$city','NY')");
if (!$inserted) {
    printf("Error: %s\n", maxdb_sqlstate($link));
}

/*
 * Escaped insert: maxdb_real_escape_string() encodes the value for the
 * connection's character set, so it stays inside the quoted literal.
 * The surrounding quotes in the SQL text are still required; for
 * untrusted input a prepared statement with bound parameters
 * (maxdb_prepare / maxdb_stmt_bind_param) avoids building the SQL
 * string at all.
 */
$city = maxdb_real_escape_string($link, $city);
$inserted = maxdb_query($link, "INSERT into temp.mycity VALUES ('22222','$city','NY')");
if ($inserted) {
    printf("%d Row inserted.\n", maxdb_affected_rows($link));
}

/* Release the connection once the demonstration is finished. */
maxdb_close($link);
?>
The above examples would produce the following output: