<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >mysqli_real_escape_string</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PHP Manual" HREF="index.html"><LINK REL="UP" TITLE="MySQL Improved" HREF="ref.mysqli.html"><LINK REL="PREVIOUS" TITLE="mysqli_real_connect" HREF="function.mysqli-real-connect.html"><LINK REL="NEXT" TITLE="mysqli_real_query" HREF="function.mysqli-real-query.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >PHP Manual</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.mysqli-real-connect.html" ACCESSKEY="P" >Previous</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.mysqli-real-query.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.mysqli-real-escape-string" ></A >mysqli_real_escape_string</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN135650" ></A ><P > (PHP 5)</P >mysqli_real_escape_string<P > (no version information, might be only in CVS)</P >mysqli->real_escape_string() -- Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection</DIV ><DIV CLASS="refsect1" ><A NAME="AEN135654" ></A ><H2 >Description</H2 ><P >Procedural style:</P >string <B CLASS="methodname" >mysqli_real_escape_string</B > ( mysqli link, string escapestr )<BR ></BR ><P >Object oriented style (both methods are equivalent):</P >class <B CLASS="classname" >mysqli</B > { <BR ></BR >string <B CLASS="methodname" 
>escape_string</B > ( string escapestr )<BR ></BR >string <B CLASS="methodname" >real_escape_string</B > ( string escapestr )<BR ></BR >}<P > This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN135683" ></A ><H2 >Parameters</H2 ><P > <P ></P ><DIV CLASS="variablelist" ><DL ><DT ><CODE CLASS="parameter" > link</CODE ></DT ><DD ><P >Procedural style only: A link identifier returned by <A HREF="function.mysqli-connect.html" ><B CLASS="function" >mysqli_connect()</B ></A > or <A HREF="function.mysqli-init.html" ><B CLASS="function" >mysqli_init()</B ></A > </P ></DD ><DT ><CODE CLASS="parameter" >escapestr</CODE ></DT ><DD ><P > The string to be escaped. </P ><P > Characters encoded are <TT CLASS="literal" >NUL (ASCII 0), \n, \r, \, ', ", and Control-Z</TT >. </P ></DD ></DL ></DIV > </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN135701" ></A ><H2 >Return Values</H2 ><P > Returns an escaped string. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN135704" ></A ><H2 >Examples</H2 ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN135706" ></A ><P ><B >Example 1. 
Object oriented style</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB">&lt;?php<br />$mysqli </font><font color="#007700">= new </font><font color="#0000BB">mysqli</font><font color="#007700">(</font><font color="#DD0000">"localhost"</font><font color="#007700">, </font><font color="#DD0000">"my_user"</font><font color="#007700">, </font><font color="#DD0000">"my_password"</font><font color="#007700">, </font><font color="#DD0000">"world"</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* check connection */<br /></font><font color="#007700">if (</font><font color="#0000BB">mysqli_connect_errno</font><font color="#007700">()) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Connect failed: %s\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_connect_error</font><font color="#007700">());<br />&nbsp;&nbsp;&nbsp;&nbsp;exit();<br />}<br /><br /></font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"CREATE TEMPORARY TABLE myCity LIKE City"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#DD0000">"'s Hertogenbosch"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">/* this query will fail, because we didn't escape $city */<br /></font><font color="#007700">if (!</font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Error: %s\n"</font><font color="#007700">, </font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font 
color="#0000BB">sqlstate</font><font color="#007700">);<br />}<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$city</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* this query with escaped $city will work */<br /></font><font color="#007700">if (</font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"%d Row inserted.\n"</font><font color="#007700">, </font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">affected_rows</font><font color="#007700">);<br />}<br /><br /></font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">close</font><font color="#007700">();<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN135709" ></A ><P ><B >Example 2. 
Procedural style</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB">&lt;?php<br />$link </font><font color="#007700">= </font><font color="#0000BB">mysqli_connect</font><font color="#007700">(</font><font color="#DD0000">"localhost"</font><font color="#007700">, </font><font color="#DD0000">"my_user"</font><font color="#007700">, </font><font color="#DD0000">"my_password"</font><font color="#007700">, </font><font color="#DD0000">"world"</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* check connection */<br /></font><font color="#007700">if (</font><font color="#0000BB">mysqli_connect_errno</font><font color="#007700">()) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Connect failed: %s\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_connect_error</font><font color="#007700">());<br />&nbsp;&nbsp;&nbsp;&nbsp;exit();<br />}<br /><br /></font><font color="#0000BB">mysqli_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"CREATE TEMPORARY TABLE myCity LIKE City"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#DD0000">"'s Hertogenbosch"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">/* this query will fail, because we didn't escape $city */<br /></font><font color="#007700">if (!</font><font color="#0000BB">mysqli_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Error: %s\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_sqlstate</font><font color="#007700">(</font><font 
color="#0000BB">$link</font><font color="#007700">));<br />}<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#0000BB">mysqli_real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#0000BB">$city</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* this query with escaped $city will work */<br /></font><font color="#007700">if (</font><font color="#0000BB">mysqli_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br />&nbsp;&nbsp;&nbsp;&nbsp;</font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"%d Row inserted.\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_affected_rows</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">));<br />}<br /><br /></font><font color="#0000BB">mysqli_close</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">);<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><P >The above example will output:</P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="screen" >Error: 42000
1 Row inserted.</PRE ></TD ></TR ></TABLE ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN135714" ></A ><H2 >See Also</H2 ><P > <P ></P ><TABLE BORDER="0" ><TBODY ><TR ><TD ><A HREF="function.mysqli-character-set-name.html" ><B CLASS="function" >mysqli_character_set_name()</B ></A ></TD ></TR ></TBODY ></TABLE ><P ></P > </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.mysqli-real-connect.html" 
ACCESSKEY="P" >Previous</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.mysqli-real-query.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >mysqli_real_connect</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.mysqli.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >mysqli_real_query</TD ></TR ></TABLE ></DIV ></BODY ></HTML >
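The function above encodes only the listed characters and relies on the connection character set, so the following added example (not part of the PHP manual) shows the three cases a reviewer should check: an escaped value inside quotes, a value used outside quotes, and a prepared statement. It assumes the page's sample "world" database and credentials, a reachable MySQL server, and "utf8mb4" as the chosen connection character set.

```php
<?php
// Added example (not from the PHP manual). Assumes the page's sample "world"
// database, its credentials, and a reachable MySQL server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

// The escaping rules follow the connection character set, so select it
// through the API before escaping. "utf8mb4" is an assumed choice.
$mysqli->set_charset("utf8mb4");

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");

$city = "'s Hertogenbosch"; // constructed sample input

// 1) Escaping protects a value only inside a quoted string literal.
$escaped = $mysqli->real_escape_string($city);
$mysqli->query("INSERT INTO myCity (Name) VALUES ('$escaped')");

// 2) Outside quotes it gives no protection: this constructed input holds
//    none of the characters the function encodes and comes back unchanged.
$raw = "12 extra text";
if ($mysqli->real_escape_string($raw) === $raw) {
    printf("Escaping left \"%s\" unchanged\n", $raw);
}
// Numeric values therefore need validation, not escaping.
$id = filter_var($raw, FILTER_VALIDATE_INT);
if ($id === false) {
    printf("Rejected non-integer input\n");
}

// 3) A prepared statement sends the value separately from the SQL text,
//    so no escaping or quoting is needed at all.
$stmt = $mysqli->prepare("INSERT INTO myCity (Name) VALUES (?)");
$stmt->bind_param("s", $city);
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
$stmt->close();

$mysqli->close();
?>
```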