Is there a built-in function in PHP to mask placeholders like '_' and '%' when using mysql_real_escape_string, or does it need to be implemented manually?
When mysql_real_escape_string is used in PHP to escape special characters in a string before it goes into a MySQL query, the placeholders '_' and '%' are not masked automatically. They act as wildcards in LIKE patterns; to prevent that, escape them manually by adding a backslash before each occurrence of '_' and '%'.
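$string = "This is a string with _ and % placeholders";
// Escape the LIKE escape character (\) together with the wildcards _ and %,
// then escape the result for use inside a quoted SQL string literal.
$escaped_string = mysql_real_escape_string(preg_replace('/[\\\\_%]/', '\\\\$0', $string));
echo $escaped_string;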
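An added example (not part of the original page) of the same escaping with mysqli prepared statements, which replace the mysql_* functions removed in PHP 7.0: the bound parameter takes care of quoting, but '%' and '_' still have to be escaped for LIKE. The function names, the articles/title schema, the '!' escape character and the sample rows are assumptions made for illustration; like_to_regex() is a simplified stand-in for LIKE so the script runs without a database.

```php
<?php
// Added example, not code from the original page. like_escape(), search_titles(),
// like_to_regex(), the articles/title names and the sample rows are hypothetical.

// Escape the chosen LIKE escape character first, then both wildcards.
function like_escape(string $input, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $input);
}

// The bound parameter handles quoting; like_escape() handles the wildcards.
function search_titles(mysqli $db, string $term): array
{
    $stmt = $db->prepare("SELECT title FROM articles WHERE title LIKE ? ESCAPE '!'");
    $like = '%' . like_escape($term) . '%';
    $stmt->bind_param('s', $like);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Simplified, byte-wise emulation of LIKE so the effect is visible without a database.
function like_to_regex(string $pattern, string $esc = '!'): string
{
    $re = '';
    for ($i = 0, $n = strlen($pattern); $i < $n; $i++) {
        $c = $pattern[$i];
        if ($c === $esc && $i + 1 < $n) {
            $re .= preg_quote($pattern[++$i], '/'); // escaped character is literal
        } elseif ($c === '%') {
            $re .= '.*';                            // any run of characters
        } elseif ($c === '_') {
            $re .= '.';                             // exactly one character
        } else {
            $re .= preg_quote($c, '/');
        }
    }
    return '/^' . $re . '$/s';
}

$rows = ['50% off', '500 off', 'a_b', 'axb', 'wow!']; // constructed sample data
foreach (['50%', 'a_b', '!'] as $input) {
    $raw  = preg_grep(like_to_regex('%' . $input . '%'), $rows);
    $safe = preg_grep(like_to_regex('%' . like_escape($input) . '%'), $rows);
    printf("%-4s unescaped: [%s]  escaped: [%s]\n",
        $input, implode(', ', $raw), implode(', ', $safe));
}
```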