You can use this function safely with your MySQL database queries if and only if you are sure that your database connection is using ASCII, UTF-8, or ISO-8859-* and that the backslash is your database's escape character. If you're not sure, then use mysqli_real_escape_string instead. This function is not safe to use on databases with multi-byte character sets.
The only benefit of this function is that it does not require a database connection.
mysql_escape_string
(PHP 4 >= 4.0.3, PHP 5)
mysql_escape_string — 转义字符串用于 mysql_query
警告
本函数自 PHP 4.3.0 起已废弃,并且它和整个 MySQL 扩展自 PHP 7.0.0 开始被移除。 可以选择出于活跃开发中的 MySQLi 或 PDO_MySQL 扩展来作为替代。 参见 MySQL:选择 API 指南来获取更多信息。用以替代本函数的有:
说明
本函数将转义 unescaped_string,使之可以安全用于 mysql_query()。此函数已弃用。
本函数和 mysql_real_escape_string() 相同,除了 mysql_real_escape_string() 接受连接处理程序并根据当前字符集进行转义。mysql_escape_string() 不接受连接参数,也不遵循当前字符集设定。
参数
unescaped_string-
要转义的字符串。
返回值
返回转义后的字符串。
示例
示例 #1 mysql_escape_string() 示例
<?php
$item = "Zak's Laptop";
$escaped_item = mysql_escape_string($item);
printf("Escaped string: %s\n", $escaped_item);
?>以上示例会输出:
Escaped string: Zak\'s Laptop
注释
注意:
mysql_escape_string() 不转义
%和_。
add a note
User Contributed Notes 2 notes
PHPguru ¶
9 years ago
s dot marechal at jejik dot com ¶
13 years ago
The exact characters that are escaped by this function are the null byte (0), newline (\n), carriage return (\r), backslash (\), single quote ('), double quote (") and substiture (SUB, or \032).
