Re: Do we need mysql_real_escape_string when we use mysqli ?

[unasAquila]

with mysqli it would be

object oriented

$checkVar = $mysqli->real_escape_string($checkVar);

or proceduraly

$checkVar = mysqli_real_escape_string($dbConnection, $checkVar );

either way it’s always good to do as much security testing as possible.