PHP Functions Explained: mysqli_real_escape_string
In this php functions explained video we'll walk you through two prominent functions in PHP - mysql_escape_string and mysqli_real_escape_string.
These PHP functions allow developers to protect their applications from SQL injection attacks of various types - no matter what kind of sql injection attack intruders may try to get into your database management system, these PHP functions have the necessary tools to protect your app from harm.
mysql_escape_string function in PHP escapes special characters in a string before passing it on to SQL statements.
mysql_escape_string uses the underlying MySQL C++ API to escape various End of Line characters, quotes and backslashes, carriage return characters, nulls, and line feeds to prevent SQL injection attacks.
mysql_real_escape_string uses the information about the character set used to connect to MySQL to escape the string while properly treating multi-byte characters.
However, these functions based on MySQL are no longer used in production. PHP extensions based on mysql_* were deprecated in PHP 5.5.0 and removed in PHP 7.0, being replaced by mysqli_escape_string and mysqli_real_escape_string. mysqli_real_escape_string takes into account the current character set of the connection.
If you need to escape characters, you can also consider using PHP data objects and prepared statements.
Subscribe to know more secrets about MySQL and other database management systems, and until next time.
Music:
Bali by MBB: / mbbofficial
Creative Commons — Attribution-ShareAlike 3.0 Unported — CC BY-SA 3.0
Free Download / Stream: http://tinyurl.com/27ctw9ru
Music promoted by Audio Library http://tinyurl.com/4yrbrbms
#php #database #developer #sql #web #mysql