HomeAPI referencedatabase.mysqli.inc

db_escape_string

  1. drupal
    1. 4.7 database.mysqli.inc
    2. 4.7 database.pgsql.inc
    3. 4.7 database.mysql.inc
    4. 5 database.mysqli.inc
    5. 5 database.pgsql.inc
    6. 5 database.mysql.inc
    7. 6 database.mysql.inc
    8. 6 database.pgsql.inc
    9. 6
Versions
4.7 – 6 db_escape_string($text)

Prepare user input for use in a database query, preventing SQL injection attacks.

Related topics

Database abstraction layer
Allow the use of different database servers using the same code base.

Code

drupal/includes/database.mysqli.inc, line 328

<?php
function db_escape_string($text) {
  global $active_db;
  return mysqli_real_escape_string($active_db, $text);
}
?>