On 03/24/2016 10:13 AM, Always Learning wrote: > I have never (not once) used non-prepared SQL statements, nor string > concatenation, nor sprintf. Perfect! > mysql_real_escape_string() is useful for storing in tables words with > apostrophes. You shouldn't need to escape anything if you're using prepared statements.