real_escape_string in php code example

Example 1: php escape string

The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.

Object oriented style:
$mysqli -> real_escape_string(escapestring)
 
$mysqli = new mysqli("localhost","my_user","my_password","my_db");

// Escape special characters, if any
$firstname = $mysqli -> real_escape_string($_POST['firstname']);
$lastname = $mysqli -> real_escape_string($_POST['lastname']);
$age = $mysqli -> real_escape_string($_POST['age']);

Procedural style:
mysqli_real_escape_string(connection, escapestring)
  
$con = mysqli_connect("localhost","my_user","my_password","my_db");

// Escape special characters, if any
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

Example 2: mysqli_real_escape_string use with ajax

jQuery(document).ready(function($){

    // hide messages 
    $("#error").hide();
    $("#sent-form-msg").hide();

    // on submit...
    $("#contactForm #submit").click(function() {
        $("#error").hide();

        //required:

        //name
        var name = $("input#name").val();
        if(name == ""){
            $("#error").fadeIn().text("Name required.");
            $("input#name").focus();
            return false;
        }

        // email
        var email = $("input#email").val();
        if(email == ""){
            $("#error").fadeIn().text("Email required");
            $("input#email").focus();
            return false;
        }

        // contact_no
        var contact_no = $("input#contact_no").val();
        if(contact_no == ""){
            $("#error").fadeIn().text("Contact number required");
            $("input#contact_no").focus();
            return false;
        }

        // comments
        var comments = $("#comments").val();


        // data string
        var dataString = 'name='+ name
                        + '&email=' + email        
                        + '&contact_no=' + contact_no
                        + '&comments=' + comments

        // ajax
        $.ajax({
            type:"POST",
            data: dataString,
            success: success()
        });
    });  


    // on success...
     function success(){
        $("#sent-form-msg").fadeIn();
        $("#contactForm").fadeOut();
     }

    return false;
});

Tags:

Php Example