One thing that I hate about documentation at times (when you're a beginner) is how it doesn't really describe things in English. Would anyone mind translating this documen
mysql_real_escape_string() helps you escape special characters, such as single quotes, that users may submit to your script. You need to escape such characters because that comes in handy when you want to avoid SQL Injection.
I would suggest you check out:
mysql_real_escape_string() versus Prepared Statements
To be on the much safer side, you need to go for Prepared Statements instead, as demonstrated in the above article.
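
The difference between escaping and prepared statements, as an added example that is not part of the original answer: a value placed outside quotes contains nothing for escaping to act on, while a bound parameter stays data. Assumptions: PDO with in-memory SQLite stands in for MySQL so the script runs offline, escape_like_mysql() is a hypothetical stand-in for mysql_real_escape_string() (removed in PHP 7), and the table and input are constructed.

```php
<?php
// Added example: SQLite in memory stands in for MySQL (assumption).
// Table, columns and sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): backslash-escapes
// the characters that function handles (\, ', ", NUL, \n, \r, Ctrl-Z).
function escape_like_mysql(string $value): string
{
    return strtr($value, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Constructed request value: it contains no quote or other special
// character, so escaping returns it unchanged.
$input = '1 OR 1=1';

// Escaping only: used outside quotes, the value is parsed as part of
// the SQL statement and changes the WHERE clause.
$escaped = escape_like_mysql($input);
$rows = $pdo->query("SELECT name FROM users WHERE id = $escaped")
            ->fetchAll(PDO::FETCH_COLUMN);
printf("escaped, unquoted:  %d row(s)\n", count($rows));

// Prepared statement: the statement text is fixed before the value is
// supplied, and the value is bound as data, so it cannot alter the query.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
$stmt->execute([$input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
printf("prepared statement: %d row(s)\n", count($rows));
```

Comparing the two row counts shows which query was restricted to the id the caller was meant to look up.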