Tag: Prevent SQL Injection

Escape String Literals for SQL

To run a SQL query with text data that contains single quotes (') or other SQL reserved punctuation, and to prevent SQL injection, you will always want to escape the text values before using them in the query. mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, …


Permanent link to this article: https://blog.openshell.in/2010/12/escape-string-literals-for-sql/