In PHP and MySQL it's a common issue of facing problem in sending special characters to mysql from php. To overcome this issue, mysql_real_escape_string() funtion can be a solution.
Syntax of using this function in mysql and mysqli is slightly different.
If mysql:
--------------------------
Function Name :
------------------
mysql_real_escape_string(string $unescaped_string [, resource $link_identifier = NULL ] );
Step 1:
--------
The variable that contains special character e.g. ( ' ) will be placed as the first parameter of the function and the database connection as the second parameter.
$text = mysql_real_escape_string("It's a demo text" , "your database connection variable" );
Step 2:
-------
The mysql_real_escape_string() function will add a "" before every special character. To avoid this slash on output you just have to user another function stripslashes() that will remove the "".
<?php
-------------------------
-------------------------
echo stripslashes($row[0]);
?>
======================================================
======================================================
If mysqli :
---------------------------
Function Name :
------------------
mysqli_real_escape_string ( mysqli $link , string $escapestr );
Step 1:
--------
Put the database connection as the first parameter and the variable that contains special character e.g. ( ' ) as the second parameter of the function.
$text = mysqli_real_escape_string("your database connection variable" , "It's a demo text" );
Step 2:
--------
The mysqli_real_escape_string() function will also add a "" before every special character. To avoid this slash on output you just have to user another function stripslashes() that will remove the "".
<?php
-------------------------
-------------------------
echo stripslashes($row[0]);
?>
For further study you can visit the following sites:
http://php.net/manual/en/function.mysql-real-escape-string.php
http://php.net/manual/en/mysqli.real-escape-string.php
http://php.net/manual/en/function.stripslashes.php
/1
Comments 2
Actually mysql_real_escape_string() adds an extra slashes(\) for any of the special character like(' or ") not a double quote, you may also try addslashes()
Yes you are right. I also told about "slash". But for some development issue of vcampus slashes are invisible here inside the qoute. You have seen this after correction where slashes are not seen. Towhid sir fixed it after the post was given. Thanx for your comment.
Comments 2