PHP 5 mysql_real_escape_string/mysqli_real_escape_string Functions
A mysql_real_escape_string or mysqli_real_escape_string function must always (with few exceptions) be used to make data safe before sending a query to MySQL!

Essential Usage Shapes:
mysql_real_escape_string
mysql_real_escape_string($yourData)
mysqli_real_escape_string
mysql_real_escape_string($yourData, $dbConnection)