Difference between mysqli_real_escape_string () and mysql_real_escape_string ()

Question

Difference between mysqli_real_escape_string () and mysql_real_escape_string ()

I read countless articles, but wondered if anyone could explain to me the difference in lay terms. I know that both of them protect against SQL injection and for security. but if im use mysqli to run the query or the old-fashioned method my_sql_query, does it really matter which one I use? aren't they both wrappers for the sql function anyway?

why is the code below not working?

 $test="hello, 'there";
$db->real_escape_string($test);

$db->query("INSERT INTO users (first_name) VALUES ('$test')");

+4

sql php mysqli

user3337617 Feb 21 '14 at 14:35

source share

2 answers

Quentin · Answer 1 · 2014-02-21T14:37:01+0000

, , , , .

.

?

$test="hello, 'there";
$db->query("INSERT INTO users (first_name) VALUES ('$test')", 

mysqli_real_escape_string($test));

, :

$test , SQL
.

, SQL:

$test = mysqli_real_escape_string($link, $test);

Andolasoft · Answer 2 · 2014-02-21T14:46:36+0000

, Quentin:

.

mysql_real_escape_string

$ mysqli_real_escape_string.

mysql_real_escape_string

$

, , mysql_connect(). , .

Difference between mysqli_real_escape_string () and mysql_real_escape_string ()

More articles: