Signature
String mysql_escape(String raw, char quote_char)
Parameters
raw : the string to be escaped
quote_char : the character that should be used to wrap the string (pass NULL for no wrapping)
return value : the safe version of the 'raw' string
Escapes a string so it can be used safely as a value inside an SQL expression.
If quote_char is provided, the escaped result is wrapped with that quote character. Pass NULL when you only want escaping without wrapping.
Example
print(mysql_escape("O'Brien; DROP TABLE users", '\''), "\n");
Output
'O\'Brien; DROP TABLE users'