mysql_real_escape_string()

Escapes a string for use in SQL statements

MySQL Table – Users
+—-+——+
| id | name |
+—-+——+
|  1 | PHP  |
|  2 | ASP  |
|  3 | JSP  |
|  4 | JS  |
|  5 | AS  |
+—-+——+

Example
<?php
mysql_pconnect(“localhost”, “root”, “phpcode”) or die(mysql_error());
$db_selected = mysql_select_db(“database_name”);
echo mysql_num_rows(mysql_query( “SELECT * FROM users WHERE name='”.mysql_real_escape_string(“PHP”).”‘”));
mysql_close();
?>

Output
1