<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Escapes a string for use in a mysql_query</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.mysql-error.html">mysql_error</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.mysql-fetch-array.html">mysql_fetch_array</a></div>
<div class="up"><a href="ref.mysql.html">MySQL Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.mysql-escape-string" class="refentry">
<div class="refnamediv">
<h1 class="refname">mysql_escape_string</h1>
<p class="verinfo">(PHP 4 >= 4.0.3, PHP 5)</p><p class="refpurpose"><span class="refname">mysql_escape_string</span> — <span class="dc-title">Escapes a string for use in a mysql_query</span></p>
</div>
<div id="function.mysql-escape-string-refsynopsisdiv">
<div class="warning"><strong class="warning">Warning</strong>
<p class="para">This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
Instead, the <a href="book.mysqli.html" class="link">MySQLi</a> or <a href="ref.pdo-mysql.html" class="link">PDO_MySQL</a> extension should be used.
See also <a href="mysqlinfo.api.choosing.html" class="link">MySQL: choosing an API</a> guide and
<a href="faq.databases.html#faq.databases.mysql.deprecated" class="link">related FAQ</a> for more information.
Alternatives to this function include:</p>
<ul class="simplelist">
<li class="member"> <span class="function"><a href="function.mysqli-escape-string.html" class="function">mysqli_escape_string()</a></span></li>
<li class="member"> <span class="methodname"><a href="pdo.quote.html" class="methodname">PDO::quote()</a></span></li>
</ul>
</div>
</div>
<div class="refsect1 description" id="refsect1-function.mysql-escape-string-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">string</span> <span class="methodname"><strong>mysql_escape_string</strong></span>
( <span class="methodparam"><span class="type">string</span> <code class="parameter">$unescaped_string</code></span>
)</div>
<p class="para rdfs-comment">
This function will escape the <em><code class="parameter">unescaped_string</code></em>,
so that it is safe to place it in a <span class="function"><a href="function.mysql-query.html" class="function">mysql_query()</a></span>.
This function is deprecated.
</p>
<p class="para">
This function is identical to <span class="function"><a href="function.mysql-real-escape-string.html" class="function">mysql_real_escape_string()</a></span>
except that <span class="function"><a href="function.mysql-real-escape-string.html" class="function">mysql_real_escape_string()</a></span> takes a
connection handler and escapes the string according to the current
character set. <span class="function"><strong>mysql_escape_string()</strong></span> does not take a
connection argument and does not respect the current charset setting.
</p>
<div class="warning"><strong class="warning">Warning</strong><p class="simpara">This function has been
<em class="emphasis">DEPRECATED</em> as of PHP 5.3.0. Relying on this feature is
highly discouraged.</p></div>
</div>
<div class="refsect1 parameters" id="refsect1-function.mysql-escape-string-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<span class="term"><em><code class="parameter">unescaped_string</code></em></span>
<dd>
<p class="para">
The string that is to be escaped.
</p>
</dd>
</dt>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.mysql-escape-string-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
Returns the escaped string.
</p>
</div>
<div class="refsect1 changelog" id="refsect1-function.mysql-escape-string-changelog">
<h3 class="title">Changelog</h3>
<p class="para">
<table class="doctable informaltable">
<thead>
<tr>
<th>Version</th>
<th>Description</th>
</tr>
</thead>
<tbody class="tbody">
<tr>
<td>5.3.0</td>
<td>
This function now throws an E_DEPRECATED notice.
</td>
</tr>
<tr>
<td>4.3.0</td>
<td>
This function became deprecated, do not use this function. Instead,
use <span class="function"><a href="function.mysql-real-escape-string.html" class="function">mysql_real_escape_string()</a></span>.
</td>
</tr>
</tbody>
</table>
</p>
</div>
<div class="refsect1 examples" id="refsect1-function.mysql-escape-string-examples">
<h3 class="title">Examples</h3>
<p class="para">
<div class="example" id="example-1578">
<p><strong>Example #1 <span class="function"><strong>mysql_escape_string()</strong></span> example</strong></p>
<div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />$item </span><span style="color: #007700">= </span><span style="color: #DD0000">"Zak's Laptop"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$escaped_item </span><span style="color: #007700">= </span><span style="color: #0000BB">mysql_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$item</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Escaped string: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$escaped_item</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span>
</span>
</code></div>
</div>
<div class="example-contents"><p>The above example will output:</p></div>
<div class="example-contents screen">
<div class="cdata"><pre>
Escaped string: Zak\'s Laptop
</pre></div>
</div>
</div>
</p>
</div>
<div class="refsect1 notes" id="refsect1-function.mysql-escape-string-notes">
<h3 class="title">Notes</h3>
<blockquote class="note"><p><strong class="note">Note</strong>:
<p class="para">
<span class="function"><strong>mysql_escape_string()</strong></span> does not escape
<em>%</em> and <em>_</em>.
</p>
</p></blockquote>
</div>
<div class="refsect1 seealso" id="refsect1-function.mysql-escape-string-seealso">
<h3 class="title">See Also</h3>
<p class="para">
<ul class="simplelist">
<li class="member"> <span class="function"><a href="function.mysql-real-escape-string.html" class="function" rel="rdfs-seeAlso">mysql_real_escape_string()</a> - Escapes special characters in a string for use in an SQL statement</span></li>
<li class="member"> <span class="function"><a href="function.addslashes.html" class="function" rel="rdfs-seeAlso">addslashes()</a> - Quote string with slashes</span></li>
<li class="member">The <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a> directive.</li>
</ul>
</p>
</div>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.mysql-error.html">mysql_error</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.mysql-fetch-array.html">mysql_fetch_array</a></div>
<div class="up"><a href="ref.mysql.html">MySQL Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
