mysql_escape_string Escapes a string for use in a mysql_query &mysql.alternative.note; mysqli_escape_string PDO::quote &reftitle.description; stringmysql_escape_string stringunescaped_string This function will escape the unescaped_string, so that it is safe to place it in a mysql_query. This function is deprecated. This function is identical to mysql_real_escape_string except that mysql_real_escape_string takes a connection handler and escapes the string according to the current character set. mysql_escape_string does not take a connection argument and does not respect the current charset setting. &warn.deprecated.function-5-3-0.removed-6-0-0; &reftitle.parameters; unescaped_string The string that is to be escaped. &reftitle.returnvalues; Returns the escaped string. &reftitle.changelog; &Version; &Description; 5.3.0 This function now throws an E_DEPRECATED notice. 4.3.0 This function became deprecated, do not use this function. Instead, use mysql_real_escape_string. &reftitle.examples; ]]> &example.outputs; &reftitle.notes; mysql_escape_string does not escape % and _. &reftitle.seealso; mysql_real_escape_string addslashes The magic_quotes_gpc directive.