I don't understand the mysqli_real_escape_string function

Hello It’s me again :slight_smile:

OK, I read the PHP documents and also read most of the articles in Google regarding this problem of mine but still my issue remains. I have read this article before posting here

The article says that it adds a backslash to special characters like \x00, \n, \r, , ', " and \x1a

But I have a form with text boxes where I have provided this function but when I type anything like \n and press submit… those gets saved in the database.

Lets say I typed John \n Doe in a text box and it gets really saved in database as John \n Doe

Please help.
Thank you :slight_smile:

Show us the code, to see how it’s being used, in case there’s an issue there. I don’t really understand it either, but someone will.

In any case you’ll want to have a read up about prepared statements which are much better way then the mysqli_real_escape_string function



I got a little clue.

We need to echo the input to see the result of that function.


$name = mysqli_real_escape_string($link, $_POST['name']);
echo( $name );

So an input like O’Connor goes to Database as O’Connor but if we use echo, then it prints as O'Connor

Yup SP… Since I am a noob I am just learning the basics… I will use Prepared statements.

Try this - and spot the difference :slight_smile:

$str = "This &amp; is some <b>bold</b> text.";

echo '<br> ' .$str

echo '<br>' . htmlspecialchars($str);

Added &amp;

Thank you :slight_smile:

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.