Originally Posted by Old Pedant
Ummm...Clawed: FouLu is saying that *IF* he uses prepared statements then he will not *NEED* to use mysql_real_escape_string.
Which is not only correct, but much better than mysql_real_escape_string.
If you don't know about prepared statements, then time to read up on them.
Oh, i didn't realise he was using MySQLi