Escaping a string means reducing the ambiguity in quotation marks (and other characters) used in that string. For example, when you define a string, you usually surround it with double quotes or single quotes:
"Hello World."
But what if my string contains double quotes?
"Hello "World.""
Now I have an ambiguity - the interpreter does not know where my string ends. If I want to keep my double quotes, I have a couple of options. I could use single quotes around my string:
'Hello "World."'
Or I can escape my quotes:
"Hello \"World.\""
Any quote preceded by a backslash is escaped and understood as part of the value of the string.
When it comes to queries, MySQL has certain keywords it watches for that we cannot use in our queries without causing some confusion. Suppose we had a table where a column was named "select", and we wanted to select that:
SELECT select FROM myTable
Now we have added some ambiguity to our query. Within the query, we can reduce this ambiguity by using backticks:
SELECT `select` FROM myTable
This eliminates the confusion that we introduced using poor judgment when choosing field names.
Much of this can be handled for you by simply passing your values through mysql_real_escape_string(). In the example below, you can see that we pass user-provided data through this function to ensure that it does not cause any problems for our query:
// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
    mysql_real_escape_string($user),
    mysql_real_escape_string($password));
There are other methods for escaping strings, such as addslashes, addcslashes, quotemeta, etc., although you will find that when the goal is to execute a safe query, by and large, developers prefer mysql_real_escape_string or pg_escape_string (in the context of PostgreSQL).
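An added example, not from the original page: the same lookup with bound parameters through PDO instead of escaping, since the mysql_* functions, including mysql_real_escape_string(), were removed in PHP 7. It assumes the PDO SQLite driver and a constructed in-memory table; findUser() and quoteColumn() are hypothetical helper names, and the backtick case is included because identifiers cannot be bound.

```php
<?php
// Added example. In-memory SQLite keeps it offline; the table, rows and
// helper names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `select` is a reserved word, so the identifier is quoted with backticks
// (SQLite accepts MySQL-style backticks).
$pdo->exec('CREATE TABLE users (user TEXT, password TEXT, `select` TEXT)');

// The password column mirrors the page's query; a real system stores a
// password_hash() value and checks it with password_verify().
$insert = $pdo->prepare(
    'INSERT INTO users (user, password, `select`) VALUES (?, ?, ?)'
);
$insert->execute(['alice', 'Hello "World."', 'a']);
$insert->execute(["o'brien", "it's", 'b']);

// Values travel separately from the SQL text, so quotes inside them
// never need escaping and cannot end the string literal early.
function findUser(PDO $pdo, string $user, string $password): array
{
    $stmt = $pdo->prepare(
        'SELECT user, `select` FROM users WHERE user = ? AND password = ?'
    );
    $stmt->execute([$user, $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Column names cannot be bound as parameters: accept only names from a
// fixed allowlist, then wrap the accepted name in backticks.
function quoteColumn(string $name): string
{
    $allowed = ['user', 'select'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("unknown column: $name");
    }
    return '`' . $name . '`';
}

// Lookups with values that contain single and double quotes.
var_dump(findUser($pdo, "o'brien", "it's"));
var_dump(findUser($pdo, 'alice', 'Hello "World."'));

// Reserved-word column chosen at run time through the allowlist.
$col = quoteColumn('select');
var_dump($pdo->query("SELECT $col FROM users ORDER BY user")
    ->fetchAll(PDO::FETCH_COLUMN));
```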