How php/mysqli ( prepared statements + bind params ) protect against SQL Injection?

Addslashes() is NOT unicode aware. There's a fair number of unicode sequences that look like normal text, but turn into different things when processed by non-unicode aware code, allowing a malicious user to construct a "valid" unicode string that comes an SQL injection attack once addslashes trashes the string.

It also caches the queries which will increase performance with more "calls".

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.