what does mysql_real_escape_string() really do?

Question

One thing that I hate about documentation at times (when you\'re a beginner) is how it doesn\'t really describe things in english. Would anyone mind translating this documen

Answer 1

PHP’s mysql_real_escape_string function is only a wrapper for MySQL’s mysql_real_escape_string function. It basically prepares the input string to be safely used in a MySQL string declaration by escaping certain characters so that they can’t be misinterpreted as a string delimiter or an escape sequence delimiter and thereby allow certain injection attacks.

The real in mysql_real_escape_string in opposite to mysql_escape_string is due to the fact that it also takes the current character encoding into account as the risky characters are not encoded equally in the different character encodings. But you need to specify the character encoding change properly in order to get mysql_real_escape_string work properly.