php-mysqlHow to escape a string for MySQL in PHP?

The best way to escape a string for MySQL in PHP is to use the mysqli_real_escape_string() function. This function takes two parameters, the first being the MySQL connection and the second being the string to be escaped.

$conn = mysqli_connect("localhost", "username", "password", "database");
$escapedString = mysqli_real_escape_string($conn, $string);

The output of the above code will be the escaped string.

The mysqli_real_escape_string() function does the following:

Escapes special characters in the string for use in an SQL statement
Adds backslashes before characters that need to be escaped
Prepares the string for use in a MySQL query

Helpful links

PHP: mysqli_real_escape_string - Manual

Edit this code on GitHub

More of Php Mysql

How to create an SSL connection to MySQL using PHP?
How to get table column names in PHP MySQL?
How to get the version of MySQL using PHP?
How to set a timeout for MySQL query in PHP?
How to insert a date into a MySQL database using PHP?
How to call a stored procedure in MySQL using PHP?
How to order by a column in MySQL using PHP?
How to insert an array into a MySQL database using PHP?
How to output XML from MySQL using PHP?
How to list tables in PHP MySQL?

See more codes...