Asked 3 years ago
26 Jul 2021
Views 560
Keenan

Keenan posted

mysql_escape_string VS mysql_real_escape_string

mysql_escape_string VS mysql_real_escape_string
Mitul Dabhi

Mitul Dabhi
answered Jul 28 '21 00:00

mysql_escape_string and mysql_real_escape_string both are the same as per the functionality. but the main difference only mysql_real_escape_string needs a connection handler and escapes the string according to the current character set.
mysql_escape_string() and mysql_real_escape_string() used for the escapes a string for use in a mysql_query.

mysql_escape_string() :

$mystuff="boss's laptop";
$insert_query=mysql_query('insert into emp_stuff ('typeofobject') values("'.mysql_escape_string($mystuff).'")');


mysql_real_escape_string() :

$connection=mysql_connect("localhost","mysql username","mysql password");
$mystuff="boss's laptop";
$insert_query=mysql_query('insert into emp_stuff ('typeofobject') values("'.mysql_real_escape_string($connection,$mystuff).'")');


you can see both codes is same but only mysql_real_escape_string use as the first argument from connection handler which return by mysql_connect

and mysql_escape_string is deprecated from PHP 4.3.0 so no use of mysql_escape_string now. even all of the code above is not useful in 2021 because mysqli_real_escape_string is lastest to use, all others above is old school.
Post Answer