PHP and MySQLi - Prevention From Hacking real escape function