mysql_escape_string Escapes a string for use in a mysql_query. stringmysql_escape_string stringunescaped_string This function will escape the unescaped_string, so that it is safe to place it in a mysql_query. mysql_escape_string does not escape % and _. This function is identical to mysql_real_escape_string except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string does not take a connection argument and does not respect the current charset setting. ]]> The above example would produce the following output: See also: mysql_real_escape_string, addslashes, and the magic_quotes_gpc directive.