<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.maxdb-real-connect.html">maxdb_real_connect</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.maxdb-real-query.html">maxdb_real_query</a></div> <div class="up"><a href="ref.maxdb.html">MaxDB Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.maxdb-real-escape-string" class="refentry"> <div class="refnamediv"> <h1 class="refname">maxdb_real_escape_string</h1> <h1 class="refname">maxdb::real_escape_string</h1> <p class="verinfo">(PECL maxdb >= 1.0)</p><p class="refpurpose"><span class="refname">maxdb_real_escape_string</span> -- <span class="refname">maxdb::real_escape_string</span> — <span class="dc-title">Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection</span></p> </div> <div class="refsect1 description" id="refsect1-function.maxdb-real-escape-string-description"> <h3 class="title">Description</h3> <p class="para">Procedural style</p> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><strong>maxdb_real_escape_string</strong></span> ( <span class="methodparam"><span class="type">resource</span> <code class="parameter">$link</code></span> , <span class="methodparam"><span class="type">string</span> <code class="parameter">$escapestr</code></span> )</div> <p class="para rdfs-comment">Object oriented style</p> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><strong>maxdb::real_escape_string</strong></span> ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$escapestr</code></span> )</div> <p class="para rdfs-comment"> This function is used to create a legal SQL string that you can use in an SQL statement. The string <em>escapestr</em> is encoded to an escaped SQL string, taking into account the current character set of the connection. </p> <p class="para"> Characters encoded are <em>', "</em>. </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.maxdb-real-escape-string-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns an escaped string. </p> </div> <div class="refsect1 examples" id="refsect1-function.maxdb-real-escape-string-examples"> <h3 class="title">Examples</h3> <div class="example" id="example-1305"> <p><strong>Example #1 Object oriented style</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br />$maxdb </span><span style="color: #007700">= new </span><span style="color: #0000BB">maxdb</span><span style="color: #007700">(</span><span style="color: #DD0000">"localhost"</span><span style="color: #007700">, </span><span style="color: #DD0000">"MONA"</span><span style="color: #007700">, </span><span style="color: #DD0000">"RED"</span><span style="color: #007700">, </span><span style="color: #DD0000">"DEMODB"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* check connection */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">maxdb_connect_errno</span><span style="color: #007700">()) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Connect failed: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">maxdb_connect_error</span><span style="color: #007700">());<br /> exit();<br />}<br /><br /></span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"CREATE TABLE temp.mycity LIKE hotel.city"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #DD0000">"'s Hertogenbosch"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">/* this query will fail, cause we didn't escape $city */<br /></span><span style="color: #007700">if (!</span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"INSERT into temp.mycity VALUES ('11111','</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">','NY')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Error: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">sqlstate</span><span style="color: #007700">);<br />}<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$city</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* this query with escaped $city will work */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"INSERT into temp.mycity VALUES ('22222','</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">','NY')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"%d Row inserted.\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">affected_rows</span><span style="color: #007700">);<br />}<br /><br /></span><span style="color: #0000BB">$maxdb</span><span style="color: #007700">-></span><span style="color: #0000BB">close</span><span style="color: #007700">();<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> <div class="example" id="example-1306"> <p><strong>Example #2 Procedural style</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br />$link </span><span style="color: #007700">= </span><span style="color: #0000BB">maxdb_connect</span><span style="color: #007700">(</span><span style="color: #DD0000">"localhost"</span><span style="color: #007700">, </span><span style="color: #DD0000">"MONA"</span><span style="color: #007700">, </span><span style="color: #DD0000">"RED"</span><span style="color: #007700">, </span><span style="color: #DD0000">"DEMODB"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* check connection */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">maxdb_connect_errno</span><span style="color: #007700">()) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Connect failed: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">maxdb_connect_error</span><span style="color: #007700">());<br /> exit();<br />}<br /><br /></span><span style="color: #0000BB">maxdb_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #DD0000">"CREATE TABLE temp.mycity LIKE hotel.city"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #DD0000">"'s Hertogenbosch"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">/* this query will fail, cause we didn't escape $city */<br /></span><span style="color: #007700">if (!</span><span style="color: #0000BB">maxdb_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #DD0000">"INSERT into temp.mycity VALUES ('11111','</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">','NY')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Error: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">maxdb_sqlstate</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">));<br />}<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #0000BB">maxdb_real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #0000BB">$city</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* this query with escaped $city will work */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">maxdb_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #DD0000">"INSERT into temp.mycity VALUES ('22222','</span><span style="color: #0000BB">$city</span><span style="color: #DD0000">','NY')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"%d Row inserted.\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">maxdb_affected_rows</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">));<br />}<br /><br /></span><span style="color: #0000BB">maxdb_close</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> <p class="para">The above example will output something similar to:</p> <div class="example-contents screen"> <div class="cdata"><pre> Warning: maxdb_query(): -5016 POS(43) Missing delimiter: ) <...> Error: 42000 1 Row inserted. </pre></div> </div> </div> <div class="refsect1 seealso" id="refsect1-function.maxdb-real-escape-string-seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.maxdb-character-set-name.html" class="function" rel="rdfs-seeAlso">maxdb_character_set_name()</a> - Returns the default character set for the database connection</span></li> </ul> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.maxdb-real-connect.html">maxdb_real_connect</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.maxdb-real-query.html">maxdb_real_query</a></div> <div class="up"><a href="ref.maxdb.html">MaxDB Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>