MYSQL Real Escape String in MYSQL Query

MYSQL Real Escape String in Query Using PHP

Here is a query for which you can use the mysqli_real_escape_string function within a query.It is identical in usage to the addslashes function, except the word addslashes is replaced with mysqli_real_escape_string.

$first_name = mysqli_real_escape_string($db, $first_name);
$last_name = mysqli_real_escape_string($db, $last_name);
$phone_number = mysqli_real_escape_string($db, $phone_number);
$email_address = mysqli_real_escape_string($db, $email_address);
$command = "INSERT INTO tablename (id, first_name, last_name, phone_number, email_address, date) VALUES (NULL,'$first_name', '$last_name', '$phone_number', '$email_address', now())";
$result = mysqli_query($db, $command);