Hello folks! welcome back to a new edition of our tutorial on PHP. In this tutorial guide, we are going to be studying about the PHP mysqli_real_escape_string() Function.
The mysqli_real_escape_string() function is used to escape characters in a string, thus making it legal to use in an SQL statement.
The mysqli_real_escape_string() function is used to escape characters in a string, thus making it legal to use in an SQL statement.
Syntax
Following below is the syntax to use this function -
mysqli_real_escape_string($con, $str)
Parameter Details
Sr.No | Parameter & Description |
---|---|
1 | con(Mandatory) This is an object representing a connection to MySQL Server. |
2 | str(Mandatory) This is a string in which you need to escape the special characters. |
Return Value
This function returns a legal string which can be used with SQL queries.
PHP Version
This PHP function was first introduced in PHP version 5 and it works in all the later versions.
Example1
The following below is an example which illustrates the usage of the built-in PHP mysqli_real_escape_string() function (in a procedural style) -
//Creating a connection $con = mysqli_connect("localhost", "root", "password", "mydb"); //Creating a table mysqli_query($con, "CREATE TABLE my_team(Name VARCHAR(255), Country VARCHAR(255))"); $player = "Iwobi"; $country = "Nigeria"; //Inserting a record $res = mysqli_query($con, "INSERT into my_team VALUES ('$player', '$country')"); if(!$res){ print("Error occurred"); }else{ print("Record inserted successfully"); } print("\n"); $player = mysqli_real_escape_string($con, $player); $country = mysqli_real_escape_string($con, $country); //Inserting a record $res = mysqli_query($con, "INSERT into my_team VALUES ('$player', '$country')"); if(!$res){ print("Error occurred"); }else{ print("Record inserted successfully"); } //Closing the connection mysqli_close($con); ?>
Output
When the above code is executed, it will produce the following result -
Error occurred Record inserted successfully
Example2
In object oriented style the syntax of this function is $con->real_escape_string(); The following is the example of this function in an object oriented style $minus;
<?php //Connecting to the database $con = new mysqli("localhost", "root", "password", "test"); //Creating a table $con->query("CREATE TABLE my_team(Name VARCHAR(255), Country VARCHAR(255))"); $player = "Iwobi"; $country = "Nigeria"; //Inserting a record $res = $con->query("INSERT into my_team VALUES ('$player')"); if(!$res){ print("Error occurred"); }else{ print("Record inserted successfully"); } print("\n"); $player = $con->real_escape_string($player); //Inserting a record $res = $con->query("INSERT into my_team (Name) VALUES ('$player')"); if(!$res){ print("Error occurred"); }else{ print("Record inserted successfully"); } //Closing the connection mysqli_close($con); ?>
Output
When the above code is executed, it will produce the following result -
Error occurred Record inserted successfully
Example3
Try the following example below -
<?php $con = mysqli_connect("localhost","root","password","mydb"); if (mysqli_connect_errno($con)){ echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $myName = "Jr's"; $myName = mysqli_real_escape_string($con,$myName); mysqli_query($con,"INSERT into emp (name) VALUES ('$myName')"); mysqli_close($con);
Alright guys! This is where we are going to be rounding up for this tutorial post. In our next tutorial, we are going to be discussing about the mysqli_real_query() Function in PHP.
Do feel free to ask your questions where necessary and we will attend to them as soon as possible. If this tutorial was helpful to you, you can use the share button to share this tutorial.
Do follow us on our various social media handles available and also subscribe to our newsletter to get our tutorial posts delivered directly to your emails.
Thanks for reading and bye for now.
Do feel free to ask your questions where necessary and we will attend to them as soon as possible. If this tutorial was helpful to you, you can use the share button to share this tutorial.
Do follow us on our various social media handles available and also subscribe to our newsletter to get our tutorial posts delivered directly to your emails.
Thanks for reading and bye for now.