Examples of character escaping methods in mysql statements

When inserting a string with single quotes or double quotes into the MySQL database, if it is a single string, you can consider escaping it with a backslash. What if a large amount of data needs to be converted? Please refer to the introduction in this article.

If there is a large amount of content that needs to be escaped, you can consider the mysql_real_escape_string function: mysql_real_escape_string — Escapes special characters in strings used in SQL statements, taking into account the connection's current character set.

Note: This function does not escape % and _. In addition, it is best not to use this function for the entire SQL statement, but to escape only the string parameters passed into the SQL statement, otherwise accidents will occur quietly.

Example:

<?php
$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string: %sn", $escaped_item);
?>

Test it in your own program to see the result of this escape.