What does mysql_escape_string() do? I am updating a database. When I am using $_POST('variable') it's not getting updated, but using it with mysql_escape_string($_POST()) it works fine. I am calling this by ajax.

mysql_escape_string is one of PHP mysql extension functions. It escapes a string provided as parameter for the function. Escapes means prepends backslash (\) to special characters.

mysql_escape_string is designed to be used with mysql_query function, to safely pass MySQL query parameters to the query. Safely means with no possibility to affect and change the desired query behaviour. Learn more by searching for "sql injection", e.g. Secure Development Guidelines on MDN.

mysql_escape_string are: the null byte (0), newline (\n), carriage return (\r), backslash (\), single quote ('), double quote (") and substitute (SUB, or \032). % and _ are not being escaped with this function.

mysql_escape_string has been deprecated as of PHP 5.3.0. It should be replaced with mysql_real_escape_string function, which in addition to escaping the string, takes into account the current character set of the connection.

mysql_escape_string and mysql_real_escape_string is discouraged with recommended alternatives of MySQLi or PDO_MySQL extensions.

In your case, the most probable reason why $_POST('variable') does not work, is that it contains one or more of the special characters, thus the MySQL query you're executing is unintentionally changed and broken. You're calling it with AJAX and if you're not processing the AJAX errors, you may not be able to see the error messages.
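
The PDO alternative the answer recommends, shown next to the concatenated query that breaks on a quote; this is an added example, not code from the original post. The table `notes`, its columns, the sample input and the JSON response shape are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Assumed names: table "notes", columns "id" and "body".
// SQLite in memory keeps this runnable offline; for MySQL only the DSN
// changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO notes (id, body) VALUES (1, 'old')");

// Constructed sample input standing in for the posted form value.
$input = "it's 100% done_";

// Before: the value is spliced into the SQL text, so the single quote
// inside it ends the string literal and the statement no longer parses.
$concatenated = function (PDO $pdo, string $value): void {
    $pdo->exec("UPDATE notes SET body = '$value' WHERE id = 1");
};

// After: the value travels as a bound parameter and is never parsed as SQL,
// so no escaping function is needed.
$prepared = function (PDO $pdo, string $value): void {
    $stmt = $pdo->prepare('UPDATE notes SET body = :body WHERE id = :id');
    $stmt->execute([':body' => $value, ':id' => 1]);
};

// Wrap the update so an AJAX caller always receives a JSON status.
function runUpdate(PDO $pdo, callable $update, string $value): string
{
    try {
        $update($pdo, $value);
        $stored = $pdo->query('SELECT body FROM notes WHERE id = 1')->fetchColumn();
        return json_encode(['ok' => true, 'stored' => $stored]);
    } catch (PDOException $e) {
        // Keep the database detail in the server log; the client only
        // learns that the update failed.
        error_log($e->getMessage());
        return json_encode(['ok' => false, 'error' => 'update failed']);
    }
}

echo runUpdate($pdo, $concatenated, $input), PHP_EOL; // fails on the quote
echo runUpdate($pdo, $prepared, $input), PHP_EOL;     // stores the value as sent
```

In a real endpoint the failure branch would also set an HTTP 500 status so the client-side error handler fires.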