php-mysqlHow to escape a string for MySQL in PHP?

The best way to escape a string for MySQL in PHP is to use the mysqli_real_escape_string() function. This function takes two parameters, the first being the MySQL connection and the second being the string to be escaped.

$conn = mysqli_connect("localhost", "username", "password", "database");
$escapedString = mysqli_real_escape_string($conn, $string);

The output of the above code will be the escaped string.

The mysqli_real_escape_string() function does the following:

Escapes special characters in the string for use in an SQL statement
Adds backslashes before characters that need to be escaped
Prepares the string for use in a MySQL query

Helpful links

PHP: mysqli_real_escape_string - Manual

Edit this code on GitHub

More of Php Mysql

How to output XML from MySQL using PHP?
How to use a variable in a MySQL query using PHP?
How to create an SSL connection to MySQL using PHP?
How to use utf8mb4_unicode_ci in MySQL with PHP?
How to use multiple prepared statements in PHP and MySQL?
How to fetch data from MySQL in PHP?
How to update to null value in MySQL using PHP?
How to use a MySQL union in PHP?
How to set a timeout for MySQL query in PHP?
How to get the last insert ID in PHP MySQL?

See more codes...