Same name in this branch
  1. 4.6.x includes/database.pgsql.inc \db_escape_string()
  2. 4.6.x includes/database.mysql.inc \db_escape_string()
Same name and namespace in other branches
  1. 4.7.x includes/database.pgsql.inc \db_escape_string()
  2. 4.7.x includes/database.mysqli.inc \db_escape_string()
  3. 4.7.x includes/database.mysql.inc \db_escape_string()
  4. 5.x includes/database.pgsql.inc \db_escape_string()
  5. 5.x includes/database.mysqli.inc \db_escape_string()
  6. 5.x includes/database.mysql.inc \db_escape_string()
  7. 6.x includes/database.pgsql.inc \db_escape_string()
  8. 6.x includes/database.mysqli.inc \db_escape_string()
  9. 6.x includes/database.mysql.inc \db_escape_string()

Prepare user input for use in a database query, preventing SQL injection attacks.

Related topics

Database abstraction layer
Allow the use of different database servers using the same code base.
7 calls to db_escape_string()
comment_admin_overview in modules/comment.module
Menu callback; present an administrative comment listing.
comment_save_settings in modules/comment.module
node_load in modules/node.module
Load a node object from the database.
node_save in modules/node.module
Save a node object into the database.
tablesort_sql in includes/tablesort.inc
Create an SQL sort clause.

... See full list

4 string references to 'db_escape_string'
db_query in includes/database.inc
Runs a basic query in the active database.
db_queryd in includes/database.inc
Debugging version of db_query().
db_query_range in includes/database.mysql.inc
Runs a limited-range query in the active database.
db_query_range in includes/database.pgsql.inc
Runs a limited-range query in the active database.

File

includes/database.mysql.inc, line 236
Database interface code for MySQL database servers.

Code

function db_escape_string($text) {
  global $active_db;
  return mysql_real_escape_string($text, $active_db);
}