Same name in this branch
- 4.7.x includes/database.pgsql.inc \db_escape_string()
- 4.7.x includes/database.mysqli.inc \db_escape_string()
- 4.7.x includes/database.mysql.inc \db_escape_string()
Same name and namespace in other branches
- 4.6.x includes/database.pgsql.inc \db_escape_string()
- 4.6.x includes/database.mysql.inc \db_escape_string()
- 5.x includes/database.pgsql.inc \db_escape_string()
- 5.x includes/database.mysqli.inc \db_escape_string()
- 5.x includes/database.mysql.inc \db_escape_string()
- 6.x includes/database.pgsql.inc \db_escape_string()
- 6.x includes/database.mysqli.inc \db_escape_string()
- 6.x includes/database.mysql.inc \db_escape_string()
Prepare user input for use in a database query, preventing SQL injection attacks.
Related topics
3 calls to db_escape_string()
- system_update_151 in database/
updates.inc - tablesort_sql in includes/
tablesort.inc - Create an SQL sort clause.
- update_convert_table_utf8 in ./
update.php - Convert a single MySQL table to UTF-8.
File
- includes/
database.mysql.inc, line 342 - Database interface code for MySQL database servers.
Code
function db_escape_string($text) {
global $active_db;
return mysql_real_escape_string($text, $active_db);
}