Escapes a string for use in SQL statements
MySQL Table – Users
+—-+——+
| id | name |
+—-+——+
| 1 | PHP |
| 2 | ASP |
| 3 | JSP |
| 4 | JS |
| 5 | AS |
+—-+——+
Example
<?php
mysql_pconnect(“localhost”, “root”, “phpcode”) or die(mysql_error());
$db_selected = mysql_select_db(“database_name”);
echo mysql_num_rows(mysql_query( “SELECT * FROM users WHERE name='”.mysql_real_escape_string(“PHP”).”‘”));
mysql_close();
?>
Output
1