<HTML ><HEAD ><TITLE >mysql_real_escape_string</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Manual de PHP" HREF="index.html"><LINK REL="UP" TITLE="Funciones MySQL" HREF="ref.mysql.html"><LINK REL="PREVIOUS" TITLE="mysql_query" HREF="function.mysql-query.html"><LINK REL="NEXT" TITLE="mysql_result" HREF="function.mysql-result.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=ISO-8859-1"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Manual de PHP</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.mysql-query.html" ACCESSKEY="P" >Anterior</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.mysql-result.html" ACCESSKEY="N" >Siguiente</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.mysql-real-escape-string" ></A >mysql_real_escape_string</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN48352" ></A ><P > (PHP 4 >= 4.3.0)</P >mysql_real_escape_string -- Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection. </DIV ><DIV CLASS="refsect1" ><A NAME="AEN48355" ></A ><H2 >Description</H2 >string <B CLASS="methodname" >mysql_real_escape_string</B > ( string unescaped_string [, resource link_identifier])<BR ></BR ><P > This function will escape special characters in the <TT CLASS="parameter" ><I >unescaped_string</I ></TT >, taking into account the current charset of the connection so that it is safe to place it in a <A HREF="function.mysql-query.html" ><B CLASS="function" >mysql_query()</B ></A >. </P ><DIV CLASS="note" ><BLOCKQUOTE CLASS="note" ><P ><B >Nota: </B > <B CLASS="function" >mysql_real_escape_string()</B > does not escape <TT CLASS="literal" >%</TT > and <TT CLASS="literal" >_</TT >. </P ></BLOCKQUOTE ></DIV ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN48374" ></A ><P ><B >Ejemplo 1. <B CLASS="function" >mysql_real_escape_string()</B > example</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="php" ><?php $link = mysql_connect('localhost', 'mysql_user', 'mysql_password'); $item = "Zak's and Derick's Laptop"; $escaped_item = mysql_real_escape_string($item); printf ("Escaped string: %s\n", $escaped_item); ?></PRE ></TD ></TR ></TABLE ><P > The above example would produce the following output: <TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="screen" >Escaped string: Zak\'s and Derick\'s Laptop</PRE ></TD ></TR ></TABLE > </P ></DIV ></TD ></TR ></TABLE ><P > See also: <A HREF="function.mysql-escape-string.html" ><B CLASS="function" >mysql_escape_string()</B ></A >, <A HREF="function.mysql-character-set-name.html" ><B CLASS="function" >mysql_character_set_name()</B ></A >. </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.mysql-query.html" ACCESSKEY="P" >Anterior</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Inicio</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.mysql-result.html" ACCESSKEY="N" >Siguiente</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >mysql_query</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.mysql.html" ACCESSKEY="U" >Subir</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >mysql_result</TD ></TR ></TABLE ></DIV ></BODY ></HTML >