real_escape_string in php code example
Example 1: php escape string
The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.
Object oriented style:
$mysqli -> real_escape_string(escapestring)
$mysqli = new mysqli("localhost","my_user","my_password","my_db");
$firstname = $mysqli -> real_escape_string($_POST['firstname']);
$lastname = $mysqli -> real_escape_string($_POST['lastname']);
$age = $mysqli -> real_escape_string($_POST['age']);
Procedural style:
mysqli_real_escape_string(connection, escapestring)
$con = mysqli_connect("localhost","my_user","my_password","my_db");
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);
Example 2: mysqli_real_escape_string use with ajax
jQuery(document).ready(function($){
    $("#error").hide();
    $("#sent-form-msg").hide();

    // Shown once the server has accepted the POST.
    function success(){
        $("#sent-form-msg").fadeIn();
        $("#contactForm").fadeOut();
    }

    $("#contactForm #submit").click(function() {
        $("#error").hide();

        // These checks are for usability only; the server must still
        // validate and escape (or bind) every field it receives.
        var name = $("input#name").val();
        if(name == ""){
            $("#error").fadeIn().text("Name required.");
            $("input#name").focus();
            return false;
        }
        var email = $("input#email").val();
        if(email == ""){
            $("#error").fadeIn().text("Email required");
            $("input#email").focus();
            return false;
        }
        var contact_no = $("input#contact_no").val();
        if(contact_no == ""){
            $("#error").fadeIn().text("Contact number required");
            $("input#contact_no").focus();
            return false;
        }
        var comments = $("#comments").val();

        // Pass an object so jQuery URL-encodes each value; a hand-built
        // query string breaks when the input contains "&" or "=".
        // No url option is given, so jQuery posts to the current page.
        $.ajax({
            type: "POST",
            data: {
                name: name,
                email: email,
                contact_no: contact_no,
                comments: comments
            },
            // Pass the function itself; success() would run it immediately.
            success: success
        });

        // Stop the browser from also submitting the form normally.
        return false;
    });
});
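
A server-side handler for the form in Example 2, added here as an example (it is not code from the original page): it validates the POSTed fields again, then stores them either with real_escape_string() inside quoted SQL literals or with a prepared statement. The contacts table and its column names are assumptions; the connection values are the placeholders from Example 1.

```php
<?php
// Added example. Assumed names: table `contacts` and its columns; credentials are Example 1's placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Server-side validation; the jQuery checks can be bypassed by any client.
function read_contact(array $post): array
{
    $f = [];
    foreach (['name', 'email', 'contact_no', 'comments'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value)) { // e.g. name[]=x arrives as an array
            throw new InvalidArgumentException("$key must be a string");
        }
        $f[$key] = trim($value);
    }
    if ($f['name'] === '' || $f['contact_no'] === '') {
        throw new InvalidArgumentException('name and contact_no are required');
    }
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not valid');
    }
    return $f;
}
// Escaping protects a value only where it sits inside quotes in the SQL text.
function insert_escaped(mysqli $db, array $f): void
{
    $v = array_map([$db, 'real_escape_string'], $f); // string keys are preserved
    $db->query("INSERT INTO contacts (name, email, contact_no, comments)
                VALUES ('{$v['name']}', '{$v['email']}', '{$v['contact_no']}', '{$v['comments']}')");
}
// Alternative: bound parameters never enter the SQL text, so no escaping is needed.
function insert_prepared(mysqli $db, array $f): void
{
    $stmt = $db->prepare('INSERT INTO contacts (name, email, contact_no, comments) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $f['name'], $f['email'], $f['contact_no'], $f['comments']);
    $stmt->execute();
}

if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $fields = read_contact($_POST);
        $db = new mysqli('localhost', 'my_user', 'my_password', 'my_db');
        $db->set_charset('utf8mb4');   // escaping follows the charset set here, not one set via SET NAMES
        insert_prepared($db, $fields); // or: insert_escaped($db, $fields);
        http_response_code(204);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);       // rejected input; nothing was written
    }
}
```

An escaped value placed in an unquoted position, such as a numeric age from Example 1 written as `WHERE age = $age`, is not protected by escaping; cast it to an integer or bind it as a parameter.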