Some people believe that
mysql_real_escape_string() has some flaws and cannot protect your query even when properly used.
Bringing some fossilized articles as a proof.
Così, the question is: is mysql[i]_real escape_string() totally unacceptable?
Or is it’s still possible to use this function to create your own kind of prepared statements?
With proofcode, please.