PHP | mysqli_real_escape_string() Function Last Updated : 28 Apr, 2025 Comments Improve Suggest changes Like Article Like Report The mysqli_real_escape_string() function is an inbuilt function in PHP which is used to escape all special characters for use in an SQL query. It is used before inserting a string in a database, as it removes any special characters that may interfere with the query operations. When simple strings are used, there are chances that special characters like backslashes and apostrophes are included in them (especially when they are getting data directly from a form where such data is entered). These are considered to be part of the query string and interfere with its normal functioning. php <?php $connection = mysqli_connect( "localhost", "root", "", "Persons"); // Check connection if (mysqli_connect_errno()) { echo "Database connection failed."; } $firstname = "Robert'O"; $lastname = "O'Connell"; $sql="INSERT INTO Persons (FirstName, LastName) VALUES ('$firstname', '$lastname')"; if (mysqli_query($connection, $sql)) { // Print the number of rows inserted in // the table, if insertion is successful printf("%d row inserted.\n", $mysqli->affected_rows); } else { // Query fails because the apostrophe in // the string interferes with the query printf("An error occurred!"); } ?> In the above code, the query fails because the apostrophes are considered as part of the query when it is executed using mysqli_query(). The solution is to use mysqli_real_escape_string() before using the strings in the query. php <?php $connection = mysqli_connect( "localhost", "root", "", "Persons"); // Check connection if (mysqli_connect_errno()) { echo "Database connection failed."; } $firstname = "Robert'O"; $lastname = "O'Connell"; // Remove the special characters from the // string using mysqli_real_escape_string $lastname_escape = mysqli_real_escape_string( $connection, $lastname); $firstname_escape = mysqli_real_escape_string( $connection, $firstname); $sql="INSERT INTO Persons (FirstName, LastName) VALUES ('$firstname_escape', '$lastname_escape')"; if (mysqli_query($connection, $sql)) { // Print the number of rows inserted in // the table, if insertion is successful printf("%d row inserted.\n", $mysqli->affected_rows); } ?> Output: 1 row inserted. Comment More infoAdvertise with us Next Article PHP | mysqli_real_escape_string() Function A ArkadyutiBanerjee Follow Improve Article Tags : Web Technologies PHP PHP-function PHP-MySQL Similar Reads PHP | mysqli_ping() Function The mysqli_ping() function is used to ping a server connection. That is it is used to check if a host is reachable on an IP network or not. This function also tries to reconnect if an existing server connection is lost. To use this function, it is mandatory to first set up the connection with the My 2 min read PHP String Functions Complete Reference Strings are a collection of characters. For example, 'G' is the character and 'GeeksforGeeks' is the string. Installation: These functions are not required any installation. These are the part of PHP core. The complete list of PHP string functions are given below: Example: This program helps us to c 6 min read PHP | mysqli_close() Function MySQLi Procedural procedure: To close the connection in mysql database we use php function mysqli_close() which disconnect from database. It require a parameter which is a connection returned by the mysql_connect function. Syntax: mysqli_close(conn); If the parameter is not specified in mysqli_close 2 min read PHP String Functions Strings are a fundamental data type in PHP, used to store and manipulate text. PHP provides a wide variety of built-in string functions. These functions perform various operations such as string transformations, character manipulations, encoding and decoding, and formatting, making string handling s 6 min read PHP mysqli_connect() Function The mysqli_connect() function in PHP is a fundamental tool for establishing a connection to a MySQL database. This function is crucial for PHP applications that need to interact with MySQL databases, enabling them to execute queries, retrieve data, and perform various database operations.In this art 3 min read Explain some string functions of PHP In the programming world, a string is considered a data type, which in general is a sequence of multiple characters that can contain whitespaces, numbers, characters, and special symbols. For example, "Hello World!", "ID-34#90" etc. PHP also allows single quotes(' ') for defining a string. Every pro 7 min read PHP | mysqli_error() Function The mysqli_error() function is used to return the error in the most recent MySQL function call that failed. If there are multiple MySQL function calls, the error in the last statement is the one that is pointed out by the function. Syntax: mysqli_error("database_name") Parameters: This function acce 1 min read PHP | mysqli_num_rows() Function The mysqli_num_rows() function is an inbuilt function in PHP which is used to return the number of rows present in the result set. It is generally used to check if data is present in the database or not. To use this function, it is mandatory to first set up the connection with the MySQL database. Sy 2 min read PHP | highlight_string() function The highlight_string() function is an inbuilt function in PHP which is used to highlight the text string. It returns output in HTML text format. Syntax: highlight_string( $string, $return ) Parameters: This function accepts two parameters as mentioned above and described below: $string: It is the re 2 min read Like