How To Properly Escape A String Via Php And Mysql
Solution 1:
There's a difference between the backtick ` and the single quote '
.
The backtick is intended to escape table and field names that may conflict with MySQL reserved words. If I had a field named date
and a query like SELECT date FROM mytable
I'd need to escape the use of date
so that when MySQL parses the query, it will interpret my use of date
as a field rather than the datatypedate
.
The single quote '
is intended for literal values, as in SELECT * FROM mytable WHERE somefield='somevalue'
. If somevalue
itself contains single quotes, then they need to be escaped to prevent premature closing of the quote literal.
Solution 2:
Those two aren't related at all (as far I know anyway)
From the manual : http://php.net/manual/en/function.mysql-real-escape-string.php
Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query().
So essentially what it does is, it will escape characters that are unsafe to go into mysql queries (that might break or malform the query)
So o'reily
will become o\'reily
Post a Comment for "How To Properly Escape A String Via Php And Mysql"