It is impossible for you to manually escape every such special character, not to mention that you usually deal with content that is automatically submitted by the form.
So, the mysql_real_escape_string function should be used:
mysql_real_escape_string — Escapes special characters in strings used in SQL statements, taking into account the current character set of the connection.
But note: this function does not escape % and _. In addition, it is best not to use this function for the entire SQL statement, but to escape only the string parameters passed into the SQL statement, otherwise unexpected results will occur.
Script example:
Copy code The code is as follows:
$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string : %sn", $escaped_item);
?>
The above introduces the implementation code of escaping mysql statements in php for sql language programming learning, including the content of sql language programming learning. I hope it will be helpful to friends who are interested in PHP tutorials.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
