Escaping
#1

Hi,

I'm escaping with

mysql_real_escape_string

and then use mysql_tquery with parameters, sending the escaped string, and in the public I use that string to update a name or text. I want to ask: is the escaped string still escaped, or do I need to escape it again in the public?
Reply
#2

You should use mysql_format with the %e specifier. That way you don't have to escape each individual item separately. Escaping is only necessary to tell the parser that the character that follows is part of the input value rather than a delimiter.
Reply
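
The approach from reply #2 applied to the flow described in post #1, as an added example that is not part of the original thread. It assumes the MySQL plugin's R41-style natives (a `MySQL:` tagged handle) and a hypothetical `players` table with a `name` column; `g_Sql`, `RequestNameChange` and `OnNameChecked` are illustrative names.

```pawn
// Added example, not from the thread. Assumed names: g_Sql, table `players`,
// column `name`, function RequestNameChange, callback OnNameChecked.
#include <a_samp>
#include <a_mysql>

new MySQL:g_Sql; // assumed: assigned from mysql_connect() elsewhere

stock RequestNameChange(playerid, const newname[])
{
    new query[128];
    // %e escapes the value while the query text is built; newname stays raw.
    mysql_format(g_Sql, query, sizeof query,
        "SELECT 1 FROM players WHERE name = '%e' LIMIT 1", newname);
    // Hand the callback the raw string, not an escaped copy.
    mysql_tquery(g_Sql, query, "OnNameChecked", "ds", playerid, newname);
    return 1;
}

forward OnNameChecked(playerid, const newname[]);
public OnNameChecked(playerid, const newname[])
{
    if (cache_num_rows() > 0)
        return SendClientMessage(playerid, -1, "That name is already taken.");

    new oldname[MAX_PLAYER_NAME + 1], query[192];
    GetPlayerName(playerid, oldname, sizeof oldname);

    // A new query is parsed again from scratch, so every string value placed
    // in it goes through %e here as well. Because newname is raw, it is
    // escaped exactly once; an already escaped string would have its
    // backslashes escaped again and stored literally in the row.
    mysql_format(g_Sql, query, sizeof query,
        "UPDATE players SET name = '%e' WHERE name = '%e'", newname, oldname);
    mysql_tquery(g_Sql, query);
    return 1;
}
```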

