mysql_real_escape_string Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection. stringmysql_real_escape_string stringunescaped_string resourcelink_identifier This function will escape special characters in the unescaped_string, taking into account the current charset of the connection so that it is safe to place it in a mysql_query. mysql_real_escape_string does not escape % and _. ]]> The above example would produce the following output: See also mysql_escape_string, mysql_client_encoding, addslashes, and the magic_quotes_gpc directive.