PHP mysqli_real_escape_string() Function

Object oriented style

string mysqli::escape_string ( string $escapestr )
string mysqli::real_escape_string ( string $escapestr )

Procedural style

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

The mysqli_real_escape_string() function escapes special characters in a string for use in an SQL statement.

Examples -

Object oriented style

Procedural style

Error: 42000 1 Row inserted.

ParameterDescription
linkProcedural style only: A link identifier returned by mysqli_connect() or mysqli_init()
escapestrThe string to be escaped.

Returns an escaped string.