You can call the mysql_escape_string() function to escape special characters in a string so that it can be used in an SQL statement. Notice
This function should not be used. mysql_real_escape_string() is used instead.
mysql_escape_string() is equivalent to mysql_real_escape_string(). The difference is that mysql_real_escape_string() uses the connection handler as the first argument and escapes the string based on the current character set. mysql_escape_string() does not accept connection arguments or comply with the current character set.