When programming in PHP, we normally work with MySQL, where we insert, update, delete, fetch or compare string data.
But a string can contain special characters that cause formatting, value and concatenation problems when it is used in a MySQL query.
These special characters are: \x00 , \n , \r , \ , ' , " , \x1a
For example:
Our string is: Today is my friend's birthday.
We want to insert this string into the “description” field of the “comments” table and compare against it in a select query.
So we write the queries using mysql_real_escape_string(), so that the string causes no formatting, value or concatenation problems and database attacks are prevented.
$query = "insert into comments (description) values ('" . mysql_real_escape_string("Today is my friend's birthday.") . "')";
$query = "select * from comments where description='" . mysql_real_escape_string("Today is my friend's birthday.") . "'";
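To see what the escaping changes, the following added example (not code from the original post) builds the select query with and without escaping and reads the string literal back the way MySQL's default SQL mode would. mysql_real_escape_string() itself needs an open connection, so escape_like_mysql() and read_literal() are hypothetical stand-ins written for this illustration, assuming a single-byte connection character set.

```php
<?php
// Added illustration: both helpers are hypothetical and only mimic the
// documented behaviour so the effect is visible without a database.

// Backslash-escape the seven characters listed above.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\x00" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Read the first single-quoted literal in $sql (backslash escapes and
// doubled quotes, simplified). Returns [decoded value, text after the
// closing quote]; the value is null if the literal never closes.
function read_literal(string $sql): array
{
    $decode = ['0' => "\x00", 'n' => "\n", 'r' => "\r", 'Z' => "\x1a",
               't' => "\t", 'b' => "\x08"];
    $len = strlen($sql);
    $i = strpos($sql, "'");
    if ($i === false) {
        return [null, $sql];
    }
    $value = '';
    $i++;
    while ($i < $len) {
        $c = $sql[$i];
        if ($c === "\\" && $i + 1 < $len) {          // escape sequence
            $value .= $decode[$sql[$i + 1]] ?? $sql[$i + 1];
            $i += 2;
        } elseif ($c === "'" && ($sql[$i + 1] ?? '') === "'") {
            $value .= "'";                            // '' is one quote
            $i += 2;
        } elseif ($c === "'") {                       // end of literal
            return [$value, substr($sql, $i + 1)];
        } else {
            $value .= $c;
            $i++;
        }
    }
    return [null, ''];
}

$text = "Today is my friend's birthday.";             // the post's sample string
foreach (['raw' => $text, 'escaped' => escape_like_mysql($text)] as $label => $v) {
    $sql = "select * from comments where description='" . $v . "'";
    [$value, $rest] = read_literal($sql);
    printf("%-8s literal=%s leftover=%s\n", $label,
        var_export($value, true), var_export($rest, true));
}
```

The mysql_* extension was removed in PHP 7.0; on current PHP the same escaping is done with mysqli_real_escape_string(), or avoided altogether by using prepared statements with bound parameters.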
Hope this will help you.