How does mysql_real_escape_string() work?

I have to send some string (in C) as a query to MySQL, so i used mysql_real_escape_string() to escape some characters like \0 or \n: #include int loginQuery(char *Nickname, char *Password) { char bufferutility[READBUFSIZE]="SELECT * FROM user WHERE Nickname='"; char bufferutility2[READBUFSIZE*2+1]; strcat(bufferutility,Nickname); strcat(bufferutility,"' AND Password='"); strcat(bufferutility,Password); strcat(bufferutility,"';"); if(mysql_real_escape_string(conn,bufferutility2,bufferutility,strlen(bufferutility))==(unsigned long)-1){ printf("\nEscaping error\n"); } //code for mysql_real_query() here } But I got this error: > You have an error in your SQL syntax; check the manual that > corresponds to your MariaDB server version for the right syntax to use > near '\'Hello\n\' AND Password=\'World\n\'' at line 1 What have I done wrong?