db_escape_string

string db_escape_string (string str)

Escapes a string so it is ready to be used as a string value inside a SQL query. Specifically, this function will double single quotes (') or prepend a backslash (\) to them.

NOTE: This is a SQL function. See Database Support for more information.

Arguments

str is the string to be escaped.

Result

The function returns the escaped string.

Example

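// Escape the single quote in the string before using it in a query
$item = db_escape_string("That's all");
// $item now holds the escaped text, for use inside a quoted SQL literal
$res = db_query($item);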
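
The two escaping styles named in the description are not interchangeable: which one a database accepts depends on its string-literal rules. The following is an added example, not part of the original documentation, written in Python against an in-memory SQLite database (an assumption; the helper names and the notes table are hypothetical). It uses the "That's all" string from the example and compares both styles with a bound parameter.

```python
import sqlite3

def escape_doubling(s: str) -> str:
    """Double each single quote (standard SQL string-literal escaping)."""
    return s.replace("'", "''")

def escape_backslash(s: str) -> str:
    """Prefix backslashes and single quotes with a backslash. Only valid on
    databases that treat backslash as an escape inside string literals."""
    return s.replace("\\", "\\\\").replace("'", "\\'")

def lookup_literal(conn, literal_body: str):
    """Place an already-escaped value inside a quoted literal and run the query.
    Returns the matching rows, or None if the database rejects the SQL."""
    sql = "SELECT note FROM notes WHERE note = '" + literal_body + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None

def lookup_param(conn, value: str):
    """Same lookup with a bound parameter: the value never becomes SQL text."""
    return conn.execute("SELECT note FROM notes WHERE note = ?", (value,)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")  # hypothetical throwaway database
    conn.execute("CREATE TABLE notes (note TEXT)")
    value = "That's all"  # the string from the documentation example
    conn.execute("INSERT INTO notes VALUES (?)", (value,))
    return {
        "raw": lookup_literal(conn, value),                         # unescaped
        "doubled": lookup_literal(conn, escape_doubling(value)),    # That''s all
        "backslash": lookup_literal(conn, escape_backslash(value)), # That\'s all
        "param": lookup_param(conn, value),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

On SQLite the unescaped and backslash-escaped forms are rejected as malformed SQL, while the doubled form and the bound parameter both return the stored row. Escaping of this kind only protects a value that is placed between single quotes in the query text.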

See also

Database functions
Database support