// Connect to the database using mysqli $mysqli = new mysqli("localhost", "username", "password", "database"); // Get the user's input from a form $name = $_POST['name']; // Escape the input to avoid SQL injection $name = $mysqli->escape_string($name); // Insert the escaped input into the database $query = "INSERT INTO users (name) VALUES ('$name')"; $mysqli->query($query);
// Connect to the database using mysqli $mysqli = new mysqli("localhost", "username", "password", "database"); // Get the user's input from a form $search_term = $_POST['search']; // Escape the input to avoid SQL injection $search_term = $mysqli->escape_string($search_term); // Search the database for matching records $query = "SELECT * FROM users WHERE name LIKE '%$search_term%'"; $result = $mysqli->query($query);The mysqli_escape_string function is part of the mysqli library, which is included with PHP when it is compiled with support for MySQL. It is not a separate package that needs to be installed.