Wh1T3h4Ck5

From the manual for mysql_real_escape_string():

Escapes special characters in a string for use in an SQL statement

So you can't escape the entire query, just the data, because it will escape all unsafe characters like quotes (which are valid parts of the query).

If you try something like this (escaping the entire query):

<?php
echo mysql_real_escape_string("INSERT INTO some_table VALUES ('xyz', 'abc', '123');");

Output is

INSERT INTO some_table VALUES(\'xyz\', \'abc\', \'123\');

and that is not a valid query any more.

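
Added example, not part of the original answer: a Python reimplementation of the escaping rules the PHP manual lists for mysql_real_escape_string() (NUL, \n, \r, \, ', " and Control-Z; the real function also honours the connection's character set, which is left out here). It shows why escaping the finished statement breaks it while escaping each value keeps the quotes that delimit the data, includes a small literal parser to check that, and ends with a parameterized INSERT (via the standard library's sqlite3 standing in for a MySQL driver) as the alternative that avoids the problem altogether. The table name some_table comes from the answer; the column names, the sample values and the hostile value are constructed for this example.

```python
import sqlite3

# Characters the PHP manual lists for mysql_real_escape_string():
# NUL, \n, \r, \, ', " and Control-Z.  This mirrors those rules for
# illustration only; the real function also honours the connection's
# character set, which is left out here.
_ESCAPES = {
    "\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}
_UNESCAPES = {
    "0": "\x00", "n": "\n", "r": "\r", "\\": "\\",
    "'": "'", '"': '"', "Z": "\x1a",
}


def mysql_escape(value: str) -> str:
    """Escape one data value the way mysql_real_escape_string() would."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def escape_whole_query(query: str) -> str:
    """The mistake from the answer: escaping a finished statement.  The
    quotes that delimit the literals get a backslash too, so they stop
    being delimiters and the statement no longer parses."""
    return mysql_escape(query)


def build_insert(values) -> str:
    """Escape each value, then put it inside the quotes the statement needs.
    The quotes are written by the code, never by the (untrusted) data."""
    quoted = ", ".join("'" + mysql_escape(v) + "'" for v in values)
    return "INSERT INTO some_table VALUES (" + quoted + ");"


def parse_literals(sql: str) -> list:
    """Decode the single-quoted literals in `sql` with MySQL backslash
    escapes.  Raises ValueError if a literal is never terminated, which is
    exactly what happens to a statement that was escaped as a whole."""
    literals, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":          # outside a literal: nothing to decode
            i += 1
            continue
        i += 1                     # consume the opening quote
        buf = []
        while True:
            if i >= n:
                raise ValueError("unterminated string literal")
            ch = sql[i]
            if ch == "\\" and i + 1 < n:             # backslash escape
                buf.append(_UNESCAPES.get(sql[i + 1], sql[i + 1]))
                i += 2
            elif ch == "'":
                if i + 1 < n and sql[i + 1] == "'":  # '' is also a quote
                    buf.append("'")
                    i += 2
                else:
                    i += 1                           # closing quote
                    break
            else:
                buf.append(ch)
                i += 1
        literals.append("".join(buf))
    return literals


def is_well_formed(sql: str) -> bool:
    """True when every string literal in `sql` is properly terminated."""
    try:
        parse_literals(sql)
        return True
    except ValueError:
        return False


def insert_with_placeholders(a: str, b: str, c: str) -> list:
    """The preferred fix: bind values instead of splicing them into SQL.
    sqlite3 from the standard library stands in for a MySQL driver; the
    DB-API shape is the same, only the placeholder token differs
    (? here, %s in MySQLdb / mysql-connector).  Column names are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE some_table (a TEXT, b TEXT, c TEXT)")
    conn.execute("INSERT INTO some_table VALUES (?, ?, ?)", (a, b, c))
    row = conn.execute("SELECT a, b, c FROM some_table").fetchone()
    conn.close()
    return list(row)


if __name__ == "__main__":
    stmt = "INSERT INTO some_table VALUES ('xyz', 'abc', '123');"
    broken = escape_whole_query(stmt)
    print(broken, "->", "valid" if is_well_formed(broken) else "NOT valid")

    # Constructed hostile value: tries to close the literal and add a statement.
    hostile = "x', 'y'); DROP TABLE some_table; --"
    good = build_insert([hostile, "abc", "123"])
    print(good, "->", parse_literals(good))
    print(insert_with_placeholders(hostile, "abc", "123"))
```

Running the script prints the same mangled statement the answer shows, flagged as not valid, then the data-only version in which the hostile value comes back out of the parser as one literal, exactly as it went in, and finally the bound-parameter round trip, where the value never touches the SQL text at all.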