<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.1.1.1 $ -->
  <refentry id="function.maxdb-real-escape-string">
   <refnamediv>
    <refname>maxdb_real_escape_string</refname>
    <refpurpose>
     Escapes special characters in a string for use in a SQL statement,
     taking into account the current charset of the connection
    </refpurpose>
   </refnamediv>
   <refsect1>
    <title>Description</title>
     <para>Procedural style:</para>
     <methodsynopsis>
      <type>string</type><methodname>maxdb_real_escape_string</methodname>
      <methodparam><type>resource</type><parameter>link</parameter></methodparam>
      <methodparam><type>string</type><parameter>escapestr</parameter></methodparam>
     </methodsynopsis>
     <para>
      This function is used to create a legal SQL string that you can use in a SQL statement. 
      The string <literal>escapestr</literal> is encoded to an escaped SQL string, taking into 
      account the current character set of the connection. 
     </para>
     <para>
      Characters encoded are <literal>', "</literal>. 
     </para>
   </refsect1>
   <refsect1>
    <title>Return values</title>
    <para>
     Returns an escaped string.
    </para>
   </refsect1>
   <refsect1>
    <title>See also</title>
    <para>
     <function>maxdb_character_set_name</function>.
    </para>
   </refsect1>
   <refsect1>
    <title>Example</title>
    <example>
     <title>Procedural style</title>
     <programlisting role="php">
<![CDATA[
<?php
$link = maxdb_connect("localhost", "MONA", "RED");

/* check connection */
if (maxdb_connect_errno()) {
   printf("Connect failed: %s\n", maxdb_connect_error());
   exit();
}

maxdb_query($link, "CREATE TABLE temp.mycity LIKE hotel.city");

$city = "'s Hertogenbosch";

/* this query will fail, cause we didn't escape $city */
if (!maxdb_query($link, "INSERT into temp.mycity VALUES ('11111','$city','NY')")) {
   printf("Error: %s\n", maxdb_sqlstate($link));
}

$city = maxdb_real_escape_string($link, $city);

/* this query with escaped $city will work */
if (maxdb_query($link, "INSERT into temp.mycity VALUES ('22222','$city','NY')")) {
   printf("%d Row inserted.\n", maxdb_affected_rows($link));
} 

maxdb_close($link);
?>
]]>
     </programlisting>
    </example>
    <para>
     The above examples would produce the following output:
    </para>
    <screen>
<![CDATA[
Warning: maxdb_query(): -5016 POS(43) Missing delimiter: ) <...>
Error: 42000
1 Row inserted.
]]>
    </screen>
   </refsect1>
  </refentry>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->