hi, seems mysql_escape_string was deprecated (http://php.net/manual/en/function.mysql-escape-string.php)

is there any alternative method?
hope php developers can share with me.

tq

Switch to MySQLi or PDO and use bound values.

For MySQLi you could use

mysqli_real_escape_string($string); // For procedural style

It's already mentioned in the link you have provided

Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

mysqli_escape_string()
PDO::quote()

Also,
From http://www.php.net/manual/en/function.mysqli-escape-string.php

mysqli_escape_string — Alias of mysqli_real_escape_string()

So both are same.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.