<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >maxdb_real_escape_string</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PHP Manual" HREF="index.html"><LINK REL="UP" TITLE="MaxDB PHP Extension" HREF="ref.maxdb.html"><LINK REL="PREVIOUS" TITLE="maxdb_real_connect" HREF="function.maxdb-real-connect.html"><LINK REL="NEXT" TITLE="maxdb_real_query" HREF="function.maxdb-real-query.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >PHP Manual</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.maxdb-real-connect.html" ACCESSKEY="P" >Previous</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.maxdb-real-query.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.maxdb-real-escape-string" ></A >maxdb_real_escape_string</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN108359" ></A ><P > (PECL)</P >maxdb_real_escape_string<P > (no version information, might be only in CVS)</P >maxdb->real_escape_string -- Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection</DIV ><DIV CLASS="refsect1" ><A NAME="AEN108363" ></A ><H2 >Description</H2 ><P >Procedural style:</P >string <B CLASS="methodname" >maxdb_real_escape_string</B > ( resource link, string escapestr )<BR ></BR ><P >Object oriented style (method):</P >class <B CLASS="classname" >maxdb</B > { <BR ></BR >string <B CLASS="methodname" >real_escape_string</B > ( string 
escapestr )<BR ></BR >}<P > This function is used to create a legal SQL string that you can use in a SQL statement. The string <TT CLASS="literal" >escapestr</TT > is encoded to an escaped SQL string, taking into account the current character set of the connection. </P ><P > Characters encoded are <TT CLASS="literal" >', "</TT >. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN108389" ></A ><H2 >Return values</H2 ><P > Returns an escaped string. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN108392" ></A ><H2 >See also</H2 ><P > <A HREF="function.maxdb-character-set-name.html" ><B CLASS="function" >maxdb_character_set_name()</B ></A >. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN108396" ></A ><H2 >Example</H2 ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN108398" ></A ><P ><B >Example 1. Object oriented style</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB">&lt;?php<br />$maxdb </font><font color="#007700">= new </font><font color="#0000BB">maxdb</font><font color="#007700">(</font><font color="#DD0000">"localhost"</font><font color="#007700">, </font><font color="#DD0000">"MONA"</font><font color="#007700">, </font><font color="#DD0000">"RED"</font><font color="#007700">, </font><font color="#DD0000">"DEMODB"</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* check connection */<br /></font><font color="#007700">if (</font><font color="#0000BB">maxdb_connect_errno</font><font color="#007700">()) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Connect failed: %s\n"</font><font color="#007700">, </font><font color="#0000BB">maxdb_connect_error</font><font color="#007700">());<br /> exit();<br />}<br /><br /></font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font color="#0000BB">query</font><font 
color="#007700">(</font><font color="#DD0000">"CREATE TABLE temp.mycity LIKE hotel.city"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#DD0000">"'s Hertogenbosch"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">/* this query will fail, because we didn't escape $city */<br /></font><font color="#007700">if (!</font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"INSERT into temp.mycity VALUES ('11111','$city','NY')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Error: %s\n"</font><font color="#007700">, </font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font color="#0000BB">sqlstate</font><font color="#007700">);<br />}<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font color="#0000BB">real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$city</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* this query with escaped $city will work */<br /></font><font color="#007700">if (</font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"INSERT into temp.mycity VALUES ('22222','$city','NY')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"%d Row inserted.\n"</font><font color="#007700">, </font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font color="#0000BB">affected_rows</font><font color="#007700">);<br />}<br /><br /></font><font color="#0000BB">$maxdb</font><font color="#007700">-></font><font 
color="#0000BB">close</font><font color="#007700">();<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN108401" ></A ><P ><B >Example 2. Procedural style</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB">&lt;?php<br />$link </font><font color="#007700">= </font><font color="#0000BB">maxdb_connect</font><font color="#007700">(</font><font color="#DD0000">"localhost"</font><font color="#007700">, </font><font color="#DD0000">"MONA"</font><font color="#007700">, </font><font color="#DD0000">"RED"</font><font color="#007700">, </font><font color="#DD0000">"DEMODB"</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* check connection */<br /></font><font color="#007700">if (</font><font color="#0000BB">maxdb_connect_errno</font><font color="#007700">()) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Connect failed: %s\n"</font><font color="#007700">, </font><font color="#0000BB">maxdb_connect_error</font><font color="#007700">());<br /> exit();<br />}<br /><br /></font><font color="#0000BB">maxdb_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"CREATE TABLE temp.mycity LIKE hotel.city"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#DD0000">"'s Hertogenbosch"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">/* this query will fail, because we didn't escape $city */<br /></font><font color="#007700">if (!</font><font color="#0000BB">maxdb_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font 
color="#DD0000">"INSERT into temp.mycity VALUES ('11111','$city','NY')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Error: %s\n"</font><font color="#007700">, </font><font color="#0000BB">maxdb_sqlstate</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">));<br />}<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#0000BB">maxdb_real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#0000BB">$city</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* this query with escaped $city will work */<br /></font><font color="#007700">if (</font><font color="#0000BB">maxdb_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"INSERT into temp.mycity VALUES ('22222','$city','NY')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"%d Row inserted.\n"</font><font color="#007700">, </font><font color="#0000BB">maxdb_affected_rows</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">));<br />}<br /><br /></font><font color="#0000BB">maxdb_close</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">);<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><P > The above examples would produce the following output: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="screen" >Warning: maxdb_query(): -5016 POS(43) Missing delimiter: ) &lt;...&gt;
Error: 42000
1 Row inserted.</PRE ></TD ></TR ></TABLE ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" 
WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.maxdb-real-connect.html" ACCESSKEY="P" >Previous</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.maxdb-real-query.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >maxdb_real_connect</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.maxdb.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >maxdb_real_query</TD ></TR ></TABLE ></DIV ></BODY ></HTML >
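Because maxdb_real_escape_string only encodes quote characters, its result is safe only when placed inside a quoted string literal; binding the value through the extension's prepared-statement functions (maxdb_prepare, maxdb_stmt_bind_param, maxdb_stmt_execute) keeps it out of the SQL text altogether. The following is an added example, not part of the manual page: it reuses the page's demo connection values and temp.mycity table, while the ZIP value '33333' and the helper insert_city() are constructed for illustration.

```php
<?php
// Added example, not from the PHP manual. Connection values and temp.mycity
// are those used in the page's own examples; the ZIP '33333' is constructed.
if (!extension_loaded('maxdb')) {
    exit("maxdb extension not loaded\n");
}

/**
 * Hypothetical helper: insert one city row using bound parameters.
 * The values never become part of the SQL text, so a quote in $name
 * needs no escaping and cannot terminate a string literal.
 * Returns the number of inserted rows, or false on failure.
 */
function insert_city($link, $zip, $name, $state)
{
    $stmt = maxdb_prepare($link, "INSERT INTO temp.mycity VALUES (?, ?, ?)");
    if (!$stmt) {
        printf("Prepare failed: %s\n", maxdb_error($link));
        return false;
    }
    // 'sss': all three parameters are bound as strings.
    maxdb_stmt_bind_param($stmt, 'sss', $zip, $name, $state);
    if (!maxdb_stmt_execute($stmt)) {
        printf("Execute failed: %s\n", maxdb_stmt_error($stmt));
        maxdb_stmt_close($stmt);
        return false;
    }
    $rows = maxdb_stmt_affected_rows($stmt);
    maxdb_stmt_close($stmt);
    return $rows;
}

$link = maxdb_connect("localhost", "MONA", "RED", "DEMODB");
if (maxdb_connect_errno()) {
    printf("Connect failed: %s\n", maxdb_connect_error());
    exit();
}
maxdb_query($link, "CREATE TABLE temp.mycity LIKE hotel.city");

// The same unescaped value that made the first INSERT in the page's examples fail.
$rows = insert_city($link, '33333', "'s Hertogenbosch", 'NY');
if ($rows !== false) {
    printf("%d Row inserted.\n", $rows);
}
maxdb_close($link);
?>
```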