Can I use the mysql_real_escape_string
function on a site built in mysqli_connect
? And if so does it make any difference or would the protection be less?
Or should I use mysqli_escape_string
? Because when I put mysqli_escape_string
it gave some errors when it was to make a mysqli_query
..
mysqli_escape_string() expects exactly 2 parameters, 1 given in ....
BUT when using mysql_escape_string
it returns
mysql_escape_string(): This function is deprecated; use mysql_real_escape_string()
In each case should you use mysql_real_escape_string
?