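// Create the database connection and stop early if it fails, so that no later
// call is handed an invalid connection. The response stays generic; the
// underlying connection error is not echoed to the client.
$conn = mysqli_connect("localhost", "username", "password", "dbname");
if (!$conn) {
    http_response_code(500);
    exit('Database connection failed.');
}

// mysqli_real_escape_string() escapes according to the connection character
// set, so that character set is fixed explicitly before anything is escaped.
if (!mysqli_set_charset($conn, 'utf8mb4')) {
    http_response_code(500);
    exit('Database connection failed.');
}

// Every field must be present and must be a plain string. A missing key gives
// null and an array-style form field gives an array; neither is valid input
// for the escaping function, so the request is rejected instead.
$fields = [];
foreach (['name', 'email', 'phone'] as $key) {
    $value = $_POST[$key] ?? null;
    if (!is_string($value)) {
        http_response_code(400);
        exit('Invalid form data.');
    }
    $fields[$key] = $value;
}

// Escape user input to prevent SQL injection.
$name = mysqli_real_escape_string($conn, $fields['name']);
$email = mysqli_real_escape_string($conn, $fields['email']);
$phone = mysqli_real_escape_string($conn, $fields['phone']);

// Insert data into database. The escaping above protects the statement only
// because each value is placed inside single quotes; an escaped value used
// unquoted (for example as a number or an identifier) would not be protected.
// NOTE(review): a prepared statement (mysqli_prepare() with
// mysqli_stmt_bind_param()) keeps the data out of the SQL text altogether and
// is the more robust choice for new code.
$inserted = mysqli_query($conn, "INSERT INTO users (name, email, phone) VALUES ('$name', '$email', '$phone')");
if (!$inserted) {
    http_response_code(500);
    exit('Could not save the record.');
}

// In this example, we're using mysqli_real_escape_string() to escape the user
// input before inserting it into the database. This function ensures that any
// special characters in the data (like quotes) are properly escaped, preventing
// them from being interpreted as SQL commands. The mysqli_real_escape_string()
// function is part of the mysqli extension, which is included with most PHP
// installations by default.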