MySQL

Escape special characters

Escaping Special Characters in PHP Strings

To escape special characters in a PHP string, you can use the backslash \ followed by the character you want to insert. For example \$ for a dollar sign to prevent variable interpolation.

Other examples:

  • \\ for a backslash
  • \' for a single quote
  • \" for a double quote
  • \n for a new line
  • \r for a carriage return
  • \t for a tab
Using mysqli_real_escape_string() (for MySQL queries)
PHP
$user_last_name = mysqli_real_escape_string($conn, $_POST['user_last_name']);
Using mysqli_real_escape_string() (for MySQL queries)
PHP
$connection = new mysqli("server", "user", "password", "database");

$string = "O'Reilly's books";
$escaped_string = mysqli_real_escape_string($connection, $string);

$query = "SELECT * FROM books WHERE author = '$escaped_string'";
echo $query;
Comma after each value, except the last one Display records Display records in a Bootstrap Table Display records in columns Display records with Bootstrap pagination Display records with CSS styles Escape special characters in a string Highlight the search term in results Replace unicode characters by utf-8 Search autocomplete with Typeahead Search records by an option Select rows for the current day and month Short commands

About the author

Luan is a developer and leader of educational projects, trainer, coach, and interpreter (Albanian, Dutch, English).