PHP MySQLi::escape_string Examples

Programming Language: PHP

Class/Type: MySQLi

Method/Function: escape_string

Examples at hotexamples.com: 5

mysqli_escape_string is function that helps to escape special characters in a string to avoid SQL Injection attacks. It works with the mysqli extension in PHP, which is an object-oriented interface for accessing MySQL databases.

Example 1: Escaping a string before inserting into a MySQL database

// Connect to the database using mysqli
$mysqli = new mysqli("localhost", "username", "password", "database");

// Get the user's input from a form
$name = $_POST['name'];

// Escape the input to avoid SQL injection
$name = $mysqli->escape_string($name);

// Insert the escaped input into the database
$query = "INSERT INTO users (name) VALUES ('$name')";
$mysqli->query($query);

Example 2: Escaping a string before using it in a SQL query

// Connect to the database using mysqli
$mysqli = new mysqli("localhost", "username", "password", "database");

// Get the user's input from a form
$search_term = $_POST['search'];

// Escape the input to avoid SQL injection
$search_term = $mysqli->escape_string($search_term);

// Search the database for matching records
$query = "SELECT * FROM users WHERE name LIKE '%$search_term%'";
$result = $mysqli->query($query);

The mysqli_escape_string function is part of the mysqli library, which is included with PHP when it is compiled with support for MySQL. It is not a separate package that needs to be installed.

PHP MySQLi::escape_string - 5 examples found. These are the top rated real world PHP examples of MySQLi::escape_string extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

query(30)

real_escape_string(26)

close(24)

prepare(23)

set_charset(18)

__construct(18)

select_db(9)

checkString(5)

escape_string(5)

multi_query(5)

more_results(4)

ping(4)

real_connect(4)

options(4)

next_result(4)

connect(3)

store_result(3)

ssl_set(3)

init(3)

rollback(2)

autocommit(2)

commit(2)

stmt_init(2)

use_result(2)

real_query(1)

select(1)

update(1)

Close(1)

Query(1)

get_warnings(1)

getParams(1)

getInstance(1)

formatDate(1)

fetchOne(1)

fetchAll(1)

escape(1)

describeTable(1)

delete(1)

insert(1)

Example #1

Show file

File: Mysqli.php Project: JanPietrzyk/review

 /**
  * Create a new annotation
  *
  * @param Struct\Annotation $annotation
  * @return void
  */
 public function create(Struct\Annotation $annotation)
 {
     $this->connection->query(sprintf('
         INSERT INTO
            `annotation`
         VALUES (
             null,
             "%s",
             %s,
             %s,
             "%s",
             "%s",
             "%s",
             null
         )', $this->connection->escape_string($annotation->file), (int) $annotation->line, (int) $annotation->character, $this->connection->escape_string($annotation->type), $this->connection->escape_string($annotation->class), $this->connection->escape_string($annotation->message)));
 }

Example #2

Show file

File: CMySQLiDataSource.class.php Project: fbone/mediboard4

 function escape($value)
 {
     return $this->link->escape_string($value);
 }

Example #3

Show file

File: mysqli.php Project: cbsistem/nexos

 public function search(array $fields, &$text)
 {
     static $min_word_len = 0;
     /*
      * Short words are ignored, the default minimum length is 4 characters. You can change the min and max word length with the variables ft_min_word_len and ft_max_word_len
      * Words called stopwords are ignored, you can specify your own stopwords, but default words include the, have, some - see default stopwords list.
      * You can disable stopwords by setting the variable ft_stopword_file to an empty string.
      * http://dev.mysql.com/doc/refman/5.1/en/fulltext-stopwords.html
      */
     if (!$min_word_len) {
         mysqli_report(MYSQLI_REPORT_OFF);
         if ($res = parent::query('SHOW VARIABLES LIKE \'ft_min_word_len\'')) {
             $min_word_len = $res->fetch_row();
             $min_word_len = intval($min_word_len[1]);
             $res->free();
         }
         mysqli_report(MYSQLI_REPORT_ERROR);
         $min_word_len = max($min_word_len, 3);
     }
     $text = Poodle_Unicode::as_search_txt($text);
     if (preg_match_all('#[^\\s]{' . $min_word_len . ',}#', $text, $match)) {
         $text = $match[0];
     }
     return ' MATCH (' . implode(',', $fields) . ') AGAINST (\'' . parent::escape_string(implode(' ', $text)) . '\') ';
 }

Example #4

Show file

File: Abstract.php Project: fniftaly/Java-Selenium

 /**
  * Escapes a string for entry into the database
  * 
  * @param string $string
  * @return string
  */
 public function escape($string)
 {
     $this->_getDbh();
     return $this->_dbh->escape_string($string);
 }

Example #5

Show file

File: searchCore.php Project: nithinmurali/mca_website

<?php

// codes for searching ---------
$db = new MySQLi('localhost', 'root', 'xxxx', 'xxxx');
if (isset($_GET['keywords'])) {
    $keywords = $db->escape_string($_GET['keywords']);
    $query = $db->query("\r\n\t\tSELECT movie_id, movie_name \r\n\t\tFROM movie\r\n\t\tWHERE movie_name LIKE '%{$keywords}%'\r\n\t\tOR actor LIKE '%{$keywords}%'\r\n\t\tLIMIT 20\r\n\t");
    ?>
    
    <div class="result-count">
    	Found <?php 
    echo $query->num_rows;
    ?>
 results.
    </div>
    
    <?php 
    include 'core/init.php';
    include 'includes/overall/headder.php';
    include 'includes/widgets/spacer.php';
    include 'search.php';
    include 'includes/widgets/spacer.php';
    if ($query->num_rows) {
        while ($r = $query->fetch_object()) {
            //object because using oops style ( mysqli )
            ?>
        	<div id="search_result">
            	<a href="moviehomepage.php?movie_id=<?php 
            echo $r->movie_id;
            ?>
"><?php