Search code examples
phpmysqlcode-injectionmysql-real-escape-string

why does mysqli_escape_string require a database connection?


why can't I used the mysqli_escape_string function without having a database connection?


Solution

  • From the documentation:

    Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

    It has to have a connection so that it knows what charset the database is using so it can use the right rules for escaping the data.