This function will escape the unescaped_string, so that it is safe to place it in a mysql_query().
Note: mysql_escape_string() does not escape % and _.
This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
Example 1. mysql_real_escape_string() example
The above example would produce the following output:
|
See also mysql_real_escape_string(), addslashes(), and the magic_quotes_gpc directive.