<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.5 $ -->
<refentry xmlns="http://docbook.org/ns/docbook" xml:id="function.maxdb-real-escape-string">
<refnamediv>
<refname>maxdb_real_escape_string</refname>
<refname>maxdb->real_escape_string</refname>
<refpurpose>Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<para>Procedural style:</para>
<methodsynopsis>
<type>string</type><methodname>maxdb_real_escape_string</methodname>
<methodparam><type>resource</type><parameter>link</parameter></methodparam>
<methodparam><type>string</type><parameter>escapestr</parameter></methodparam>
</methodsynopsis>
<para>Object oriented style (method):</para>
<classsynopsis>
<ooclass><classname>maxdb</classname></ooclass>
<methodsynopsis>
<type>string</type>
<methodname>real_escape_sring</methodname>
<methodparam><type>string</type><parameter>escapestr</parameter></methodparam>
</methodsynopsis>
</classsynopsis>
<para>
This function is used to create a legal SQL string that you can use in a SQL statement.
The string <literal>escapestr</literal> is encoded to an escaped SQL string, taking into
account the current character set of the connection.
</para>
<para>
Characters encoded are <literal>', "</literal>.
</para>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
Returns an escaped string.
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<example>
<title>Object oriented style</title>
<programlisting role="php">
<![CDATA[
<?php
$maxdb = new maxdb("localhost", "MONA", "RED", "DEMODB");
/* check connection */
if (maxdb_connect_errno()) {
printf("Connect failed: %s\n", maxdb_connect_error());
exit();
}
$maxdb->query("CREATE TABLE temp.mycity LIKE hotel.city");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!$maxdb->query("INSERT into temp.mycity VALUES ('11111','$city','NY')")) {
printf("Error: %s\n", $maxdb->sqlstate);
}
$city = $maxdb->real_escape_string($city);
/* this query with escaped $city will work */
if ($maxdb->query("INSERT into temp.mycity VALUES ('22222','$city','NY')")) {
printf("%d Row inserted.\n", $maxdb->affected_rows);
}
$maxdb->close();
?>
]]>
</programlisting>
</example>
<example>
<title>Procedural style</title>
<programlisting role="php">
<![CDATA[
<?php
$link = maxdb_connect("localhost", "MONA", "RED", "DEMODB");
/* check connection */
if (maxdb_connect_errno()) {
printf("Connect failed: %s\n", maxdb_connect_error());
exit();
}
maxdb_query($link, "CREATE TABLE temp.mycity LIKE hotel.city");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!maxdb_query($link, "INSERT into temp.mycity VALUES ('11111','$city','NY')")) {
printf("Error: %s\n", maxdb_sqlstate($link));
}
$city = maxdb_real_escape_string($link, $city);
/* this query with escaped $city will work */
if (maxdb_query($link, "INSERT into temp.mycity VALUES ('22222','$city','NY')")) {
printf("%d Row inserted.\n", maxdb_affected_rows($link));
}
maxdb_close($link);
?>
]]>
</programlisting>
</example>
<para>
The above examples would produce the following output:
</para>
<screen>
<![CDATA[
Warning: maxdb_query(): -5016 POS(43) Missing delimiter: ) <...>
Error: 42000
1 Row inserted.
]]>
</screen>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>maxdb_character_set_name</function></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->