Home/ Questions/Q 6190953
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T02:40:44+00:00

http://php.net/manual/en/function.mysql-real-escape-string.php : mysql_real_escape_string() calls MySQL’s library function mysql_real_escape_string, which prepends backslashes to the following

  • 0

http://php.net/manual/en/function.mysql-real-escape-string.php:

mysql_real_escape_string() calls MySQL’s library function
mysql_real_escape_string, which prepends backslashes to the following
characters: \x00, \n, \r, \, ‘, ” and \x1a.

Ok, so basically if i ever do something like this:

mysql_query("insert T(C)select'".mysql_real_escape_string($value)."'")

I’m making 1 trip to the database for the mysql_real_escape_string function and another trip for the function mysql_query = 2 trips to the database?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The fact that it uses the mysql library does not mean it does a round trip with the server.

    It runs code from the mysql client library, loaded in the same process as your php interpreter. You do need a connection though – that function needs to know some server settings to operate properly. But those settings are cached in the connection information on the PHP side.

    If you want to verify this (and you’re on linux), write a simple script like:

    <?php
$link = mysql_connect('localhost', 'user', 'pass');
echo "Connection done\n";
echo mysql_real_escape_string("this ' is a test");
?>

    And run it through strace:

    $ strace php t.php
....            # here comes the connection to mysql, socket fd == 3
connect(3, {sa_family=AF_FILE, path="/var/run/mysqld/mysqld.sock"}, 110) = 0
fcntl(3, F_SETFL, O_RDWR)               = 0
setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
....            # talking with mysql here
poll([{fd=3, events=POLLIN}], 1, 60000) = 1 ([{fd=3, revents=POLLIN}])
read(3, "8\0\0\0\n5.1.58-log\0\3\0\0\0K-?4'fL+\0\377\367!"..., 16384) = 60
...
read(3, "\7\0\0\2\0\0\0\2\0\0\0", 16384) = 11
                # first php echo
write(1, "Connection done\n", 16Connection done    )       = 16
                # second php echo
write(1, "this \\' is a test", 17this \' is a test)      = 17
munmap(0x7f62e187a000, 528384)          = 0
....

    The only important thing there is that the two writes caused by the echo statements have no other syscall in between – no network communication is possible without a syscall (from userspace in linux anyway).

    • 0