I have 2 ways to protect against SQL injection; they are:
1st
$input = $conexao->real_escape_string($input);
2nd
$input = filter_var ($input, FILTER_SANITIZE_SPECIAL_CHARS);
Query
select * from cadastro where nome = '".$input."' LIMIT 1
What's the best way?
Does real_escape_string consume MySQL or PHP server resources?
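
For comparison with the two options in the question, here is an added example (not code from the original post) that runs the same `cadastro` lookup with a bound parameter and shows what `FILTER_SANITIZE_SPECIAL_CHARS` does to a name containing a quote. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs without a server (requires the pdo_sqlite extension), the rows are constructed sample data, and `findByName` is a hypothetical helper.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL
// connection ($conexao) from the question. All data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE cadastro (id INTEGER PRIMARY KEY, nome TEXT)");

// Seed two constructed rows, also through bound parameters.
$insert = $db->prepare('INSERT INTO cadastro (nome) VALUES (?)');
foreach (["O'Brien", 'Maria'] as $nome) {
    $insert->execute([$nome]);
}

// Hypothetical helper: the query from the question, with the value sent
// as a bound parameter instead of being concatenated into the SQL text.
function findByName(PDO $db, string $nome): ?array
{
    $stmt = $db->prepare('SELECT * FROM cadastro WHERE nome = ? LIMIT 1');
    $stmt->execute([$nome]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

foreach (["O'Brien", 'Maria'] as $input) {
    // Option 2 from the question: HTML-encodes quotes, <, >, & and
    // control characters. This is output encoding for HTML, so the
    // value compared against the column is no longer the original text.
    $encoded = filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS);

    // Bound parameter: the raw value is passed as data, never as SQL,
    // so no escaping step is needed and the stored value is unchanged.
    $rawHit = findByName($db, $input);
    $encodedHit = findByName($db, $encoded);

    printf(
        "input=%s | encoded=%s | raw lookup: %s | encoded lookup: %s\n",
        $input,
        $encoded,
        $rawHit ? 'found' : 'not found',
        $encodedHit ? 'found' : 'not found'
    );
}
```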