When to use mysql real escape string?

What prepared statements do (among other things) is to call a method similar to mysql_real_escape_string() If you don't use PDO, what is fine, you must understand what are you doing, and you will get the same security level. The only and simple rule is all raw data needs mysql_real_escape_string() (or similar) Examples are: - Data from user input - Data that you have stored RAW on DB (witch is the best way) and you are using on a new sql statment - Data from unknow/other origin The detalis are: - be sure to not apply twice (to preserve data correctly).

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.