php sql escape string code example

Example: php escape string

The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.

Object oriented style:
$mysqli -> real_escape_string(escapestring)
 
$mysqli = new mysqli("localhost","my_user","my_password","my_db");

// Escape special characters, if any
$firstname = $mysqli -> real_escape_string($_POST['firstname']);
$lastname = $mysqli -> real_escape_string($_POST['lastname']);
$age = $mysqli -> real_escape_string($_POST['age']);

Procedural style:
mysqli_real_escape_string(connection, escapestring)
  
$con = mysqli_connect("localhost","my_user","my_password","my_db");

// Escape special characters, if any
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

Tags:

Php Example