<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Escapes a string for use in a mysql_query</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.mysql-error.html">mysql_error</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.mysql-fetch-array.html">mysql_fetch_array</a></div> <div class="up"><a href="ref.mysql.html">MySQL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.mysql-escape-string" class="refentry"> <div class="refnamediv"> <h1 class="refname">mysql_escape_string</h1> <p class="verinfo">(PHP 4 >= 4.0.3, PHP 5)</p><p class="refpurpose"><span class="refname">mysql_escape_string</span> — <span class="dc-title">Escapes a string for use in a mysql_query</span></p> </div> <div id="function.mysql-escape-string-refsynopsisdiv"> <div class="warning"><strong class="warning">Warning</strong> <p class="para">This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the <a href="book.mysqli.html" class="link">MySQLi</a> or <a href="ref.pdo-mysql.html" class="link">PDO_MySQL</a> extension should be used. See also <a href="mysqlinfo.api.choosing.html" class="link">MySQL: choosing an API</a> guide and <a href="faq.databases.html#faq.databases.mysql.deprecated" class="link">related FAQ</a> for more information. Alternatives to this function include:</p> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.mysqli-escape-string.html" class="function">mysqli_escape_string()</a></span></li> <li class="member"> <span class="methodname"><a href="pdo.quote.html" class="methodname">PDO::quote()</a></span></li> </ul> </div> </div> <div class="refsect1 description" id="refsect1-function.mysql-escape-string-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><strong>mysql_escape_string</strong></span> ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$unescaped_string</code></span> )</div> <p class="para rdfs-comment"> This function will escape the <em><code class="parameter">unescaped_string</code></em>, so that it is safe to place it in a <span class="function"><a href="function.mysql-query.html" class="function">mysql_query()</a></span>. This function is deprecated. </p> <p class="para"> This function is identical to <span class="function"><a href="function.mysql-real-escape-string.html" class="function">mysql_real_escape_string()</a></span> except that <span class="function"><a href="function.mysql-real-escape-string.html" class="function">mysql_real_escape_string()</a></span> takes a connection handler and escapes the string according to the current character set. <span class="function"><strong>mysql_escape_string()</strong></span> does not take a connection argument and does not respect the current charset setting. </p> <div class="warning"><strong class="warning">Warning</strong><p class="simpara">This function has been <em class="emphasis">DEPRECATED</em> as of PHP 5.3.0. Relying on this feature is highly discouraged.</p></div> </div> <div class="refsect1 parameters" id="refsect1-function.mysql-escape-string-parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><em><code class="parameter">unescaped_string</code></em></span> <dd> <p class="para"> The string that is to be escaped. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.mysql-escape-string-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns the escaped string. </p> </div> <div class="refsect1 changelog" id="refsect1-function.mysql-escape-string-changelog"> <h3 class="title">Changelog</h3> <p class="para"> <table class="doctable informaltable"> <thead> <tr> <th>Version</th> <th>Description</th> </tr> </thead> <tbody class="tbody"> <tr> <td>5.3.0</td> <td> This function now throws an E_DEPRECATED notice. </td> </tr> <tr> <td>4.3.0</td> <td> This function became deprecated, do not use this function. Instead, use <span class="function"><a href="function.mysql-real-escape-string.html" class="function">mysql_real_escape_string()</a></span>. </td> </tr> </tbody> </table> </p> </div> <div class="refsect1 examples" id="refsect1-function.mysql-escape-string-examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example" id="example-1578"> <p><strong>Example #1 <span class="function"><strong>mysql_escape_string()</strong></span> example</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br />$item </span><span style="color: #007700">= </span><span style="color: #DD0000">"Zak's Laptop"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$escaped_item </span><span style="color: #007700">= </span><span style="color: #0000BB">mysql_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$item</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Escaped string: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$escaped_item</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> <div class="example-contents"><p>The above example will output:</p></div> <div class="example-contents screen"> <div class="cdata"><pre> Escaped string: Zak\'s Laptop </pre></div> </div> </div> </p> </div> <div class="refsect1 notes" id="refsect1-function.mysql-escape-string-notes"> <h3 class="title">Notes</h3> <blockquote class="note"><p><strong class="note">Note</strong>: <p class="para"> <span class="function"><strong>mysql_escape_string()</strong></span> does not escape <em>%</em> and <em>_</em>. </p> </p></blockquote> </div> <div class="refsect1 seealso" id="refsect1-function.mysql-escape-string-seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.mysql-real-escape-string.html" class="function" rel="rdfs-seeAlso">mysql_real_escape_string()</a> - Escapes special characters in a string for use in an SQL statement</span></li> <li class="member"> <span class="function"><a href="function.addslashes.html" class="function" rel="rdfs-seeAlso">addslashes()</a> - Quote string with slashes</span></li> <li class="member">The <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a> directive.</li> </ul> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.mysql-error.html">mysql_error</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.mysql-fetch-array.html">mysql_fetch_array</a></div> <div class="up"><a href="ref.mysql.html">MySQL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>