'mysql_escape_string VS mysql_real_escape_string
I know that mysql_escape_string is deprecated from 5.3 but what was the actual difference in mysql_real_escape_string.
What I thought was that mysql_real_escape_string is the exact same as mysql_escape_string apart from mysql_real_escape_string takes a second argument for the mysql resource.
So then I thought well surely there must be some difference as to how strings are handled because there would not be a need for 2 functions.
So then I thought that the difference was purely down to locale and character encodings?
Solution 1:[1]
Well... sort of, yes. It takes the character set of the MySQL connection into account.
http://php.net/mysql_escape_string
This function is identical to
mysql_real_escape_string()except thatmysql_real_escape_string()takes a connection handler and escapes the string according to the current character set.mysql_escape_string()does not take a connection argument and does not respect the current charset setting.
Solution 2:[2]
mysql_escape_string is not deprecated from 5.3 but, for 4.3.0 and above.
So any One using PHP version above/or 4.3.0 should use mysql_real_escape_string.
if using php < 4.3.0, than make your magic_quotes_gpc active from php.ini, though it is recommended to update, but if your code will have problem than make sure you use, magic_quotes_gpc and addslash function rather than mysql_escape_string.
Solution 3:[3]
now both of these functions are deprecated in
PHP 4 >= 4.3.0 and PHP 5. They recommend using
PDO_MySQLextension
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | deceze |
| Solution 2 | al45tair |
| Solution 3 | Sourabh Kumar Sharma |