The mysqli_real_escape_string() function escapes special characters in SQL statements according to the character set of the current connection.
The mysqli_real_escape_string() function escapes special characters in a string so that it can be used in an SQL statement. The input string is escaped according to the character set of the current connection, producing a correctly encoded string for the SQL statement.
mysqli_real_escape_string($con, $str)
Serial number | Parameters and descriptions |
---|---|
1 | con (required) This is an object representing the connection to the MySQL Server. |
2 | str (required) This is a string in which you need to escape special characters. |
mysqli_real_escape_string() returns a valid string that can be used in SQL queries, that is, the escaped string.
Calling this function on an invalid connection will return NULL and emit an E_WARNING level error.
This function was first introduced in PHP version 5 and can be used in all higher versions.
The following example demonstrates the usage of the mysqli_real_escape_string() function (procedural style):
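```php
<?php
// Return false on query errors instead of throwing (throwing is the
// default since PHP 8.1), so the checks on $res below work as shown
mysqli_report(MYSQLI_REPORT_OFF);

// Establishing connection
$con = mysqli_connect("localhost", "root", "password", "mydb");

// Creating the table
mysqli_query($con, "CREATE TABLE my_team(Name VARCHAR(255), Country VARCHAR(255))");

$player = "S'Dhawan";
$country = "India";

// Inserting a record without escaping: the apostrophe in S'Dhawan
// ends the string literal early, so this query fails
$res = mysqli_query($con, "INSERT INTO my_team VALUES ('$player', '$country')");
if (!$res) {
    print("Erreur survenue");
} else {
    print("Insertion du record réussie");
}
print("\n");

// Escape the special characters in both values
$player = mysqli_real_escape_string($con, $player);
$country = mysqli_real_escape_string($con, $country);

// Inserting the record again, this time with the escaped values
$res = mysqli_query($con, "INSERT INTO my_team VALUES ('$player', '$country')");
if (!$res) {
    print("Erreur survenue");
} else {
    print("Insertion du record réussie");
}

// Closing the connection
mysqli_close($con);
?>
```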
Output

```
Erreur survenue
Insertion du record réussie
```
In object-oriented style, the syntax of this function is $con->real_escape_string();. The following is an example of the function in object-oriented style:
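```php
<?php
// Return false on query errors instead of throwing (throwing is the
// default since PHP 8.1), so the checks on $res below work as shown
mysqli_report(MYSQLI_REPORT_OFF);

// Connecting to the database
$con = new mysqli("localhost", "root", "password", "test");

// Creating the table
$con->query("CREATE TABLE my_team(Name VARCHAR(255), Country VARCHAR(255))");

$player = "S'Dhawan";
$country = "India";

// Inserting a record without escaping: the apostrophe in S'Dhawan
// ends the string literal early, so this query fails
$res = $con->query("INSERT INTO my_team VALUES ('$player')");
if (!$res) {
    print("Erreur survenue");
} else {
    print("Insertion du record réussie");
}
print("\n");

// Escape the special characters in the value
$player = $con->real_escape_string($player);

// Inserting the record again, this time with the escaped value
$res = $con->query("INSERT INTO my_team (Name) VALUES ('$player')");
if (!$res) {
    print("Erreur survenue");
} else {
    print("Insertion du record réussie");
}

// Closing the connection
mysqli_close($con);
?>
```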
Output

```
Erreur survenue
Insertion du record réussie
```
Escaping the special characters in a string:

```php
<?php
$con = mysqli_connect("localhost", "root", "password", "mydb");
// mysqli_connect_errno() takes no arguments
if (mysqli_connect_errno()) {
    echo "Échec de la connexion MySQL: " . mysqli_connect_error();
    exit();
}

$myName = "Jr's";
// Escape the apostrophe before placing the value inside the quoted literal
$myName = mysqli_real_escape_string($con, $myName);
mysqli_query($con, "INSERT INTO emp (name) VALUES ('$myName')");

mysqli_close($con);
```
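Because the escaping depends on the character set of the current connection, the following added example (not part of the original page) sets that character set explicitly before escaping, and then performs the same insert with bound parameters for comparison. It reuses the connection parameters and the my_team table from the examples above; the utf8mb4 character set is an assumption.

```php
<?php
// Added example: connection parameters and my_team come from the examples
// on this page; utf8mb4 is an assumed character set.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

$con = new mysqli("localhost", "root", "password", "mydb");

// real_escape_string() follows the connection character set, so set it
// through the API. A "SET NAMES" query does not update the character set
// the client library uses when escaping.
$con->set_charset("utf8mb4");

$con->query("CREATE TABLE IF NOT EXISTS my_team(Name VARCHAR(255), Country VARCHAR(255))");

$player  = "S'Dhawan";
$country = "India";

// Option 1: escape, then place the value INSIDE single quotes.
// The escaped string is only safe within a quoted string literal.
$sql = sprintf(
    "INSERT INTO my_team (Name, Country) VALUES ('%s', '%s')",
    $con->real_escape_string($player),
    $con->real_escape_string($country)
);
$con->query($sql);

// Option 2: bound parameters. The values are sent separately from the
// SQL text, so no escaping is needed.
$stmt = $con->prepare("INSERT INTO my_team (Name, Country) VALUES (?, ?)");
$stmt->bind_param("ss", $player, $country);
$stmt->execute();
$stmt->close();

// Read the rows back to confirm the apostrophe was stored literally.
// get_result() requires the mysqlnd driver.
$stmt = $con->prepare("SELECT Name, Country FROM my_team WHERE Name = ?");
$stmt->bind_param("s", $player);
$stmt->execute();
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$stmt->close();

foreach ($rows as $row) {
    print($row["Name"] . " / " . $row["Country"] . "\n");
}
print(count($rows) . " row(s) matched\n");

$con->close();
```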