:sig String mysql_escape(String raw, char quote_char) :params raw : the string to be escaped quote_char : the character that should be used to wrap the string (pass NULL for no wrapping) return value : the safe version of the 'raw' string :see >mysql :content Escapes a string so it can be used safely as a value inside an SQL expression. If `quote_char` is provided, the escaped result is wrapped with that quote character. Pass `NULL` when you only want escaping without wrapping. Related: - PHP: modern database access through `mysqli_*` or PDO methods rather than the old `mysql_*` family - JavaScript / Node.js: clients such as `mysql2`, query builders, or ORM adapters