The following program I picked from the PHP site (http://php.net/manual/en/mysqli.real-escape-string.php) and ran on my system running WAMP server.
I found that the escape character is getting added, but control is not getting inside the 2nd if block.
Here’s the code:
<?php
$link = mysqli_connect("localhost", "admin", "admin", "sampdb");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
/* temporary table with the same layout as City (City must already exist) */
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city: the apostrophe ends the string literal */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}
$city = mysqli_real_escape_string($link, $city);
print $city;
/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
} else {
    /* report why the second INSERT failed instead of failing silently */
    printf("Error: %s (%s)\n", mysqli_sqlstate($link), mysqli_error($link));
}
mysqli_close($link);
?>
O/P:
Error: 42000
\'s Hertogenbosch
As per the example mentioned in the link http://php.net/manual/en/mysqli.real-escape-string.php, the control should enter into the second if block and print the number of rows inserted, which is not happening in this case.
The escape character is added by the mysqli_real_escape_string function; that's its purpose. Escaping means putting the escape character (in SQL, it's a backslash) before control characters like the apostrophe (').
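To make the escaping behaviour visible, here is the same INSERT done three ways: with the raw value, with the value passed through mysqli_real_escape_string, and with a prepared statement, where the value never becomes part of the SQL text at all. This is an added example, not code from the original post or from the PHP manual. It assumes a reachable MySQL server with the same credentials and database as the question, and it creates its own myCity layout so it does not depend on an existing City table. Every branch reports the SQLSTATE and error text, which the original second if block did not do, so a failing INSERT is never silent.

```php
<?php
// Added example (not the original post's code). Assumes host, user, password
// and database "sampdb" as in the question; the myCity layout below is an
// assumption so the example does not rely on an existing City table.

// Keep return-value style error handling; PHP 8.1+ otherwise throws exceptions.
mysqli_report(MYSQLI_REPORT_OFF);

$link = mysqli_connect("localhost", "admin", "admin", "sampdb");
if (!$link) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit(1);
}
// mysqli_real_escape_string escapes according to the connection charset,
// so set it explicitly rather than trusting the server default.
mysqli_set_charset($link, "utf8mb4");

$ddl = "CREATE TEMPORARY TABLE myCity (ID INT AUTO_INCREMENT PRIMARY KEY, Name VARCHAR(64) NOT NULL)";
if (!mysqli_query($link, $ddl)) {
    printf("CREATE failed: %s (%s)\n", mysqli_sqlstate($link), mysqli_error($link));
    exit(1);
}

$city = "'s Hertogenbosch";

// 1. Raw interpolation: the apostrophe closes the string literal early,
//    so the server sees a syntax error (SQLSTATE 42000).
if (!mysqli_query($link, "INSERT INTO myCity (Name) VALUES ('$city')")) {
    printf("unescaped: %s (%s)\n", mysqli_sqlstate($link), mysqli_error($link));
}

// 2. Escaped interpolation: the backslash turns the apostrophe back into
//    a literal character inside the string.
$escaped = mysqli_real_escape_string($link, $city);
printf("escaped form: %s\n", $escaped);
if (mysqli_query($link, "INSERT INTO myCity (Name) VALUES ('$escaped')")) {
    printf("escaped: %d row inserted.\n", mysqli_affected_rows($link));
} else {
    // Always report the failure; a bare if hides the real cause.
    printf("escaped: %s (%s)\n", mysqli_sqlstate($link), mysqli_error($link));
}

// 3. Prepared statement: the value is sent separately from the SQL text,
//    so there is nothing to escape and the original value is bound as-is.
$stmt = mysqli_prepare($link, "INSERT INTO myCity (Name) VALUES (?)");
if ($stmt === false) {
    printf("prepare: %s (%s)\n", mysqli_sqlstate($link), mysqli_error($link));
} else {
    mysqli_stmt_bind_param($stmt, "s", $city);
    if (mysqli_stmt_execute($stmt)) {
        printf("prepared: %d row inserted.\n", mysqli_stmt_affected_rows($stmt));
    } else {
        printf("prepared: %s (%s)\n", mysqli_stmt_sqlstate($stmt), mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}

// Read back: both rows hold the plain apostrophe form; the backslash was
// only ever part of the SQL text, never of the stored value.
$res = mysqli_query($link, "SELECT Name FROM myCity ORDER BY ID");
if ($res) {
    while ($row = mysqli_fetch_assoc($res)) {
        printf("stored: %s\n", $row["Name"]);
    }
    mysqli_free_result($res);
}
mysqli_close($link);
```

The prepared statement is the form to prefer for untrusted input: escaping only works when the connection charset is set correctly and the escaped value is placed inside a quoted literal, while a bound parameter is never parsed as SQL at all.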