This is unnerving:
[bobbojones@desktop app]$ grep -R mysql_real_ * | wc -l
20
[bobbojones@desktop app]$ find . | xargs wc -l | tail -n 1
19199 total
In nearly 20,000 lines of code, the function mysql_real_escape_string() is called only 20 times. I estimate, very conservatively, that there are over 300 distinct queries in that code base.
I’m really hoping someone thought they’d be cute and wrap mysql_real_escape_string() inside some other function.
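The count above, taken one step further as an added example (not code from the post): this script compares direct mysql_real_escape_string() calls, calls to any function that wraps it, and mysql_query() call sites. The wrapper detection is a line-based heuristic, and the shell function names and the sample PHP tree are constructed for illustration.

```bash
# Added example (not from the post): escape calls vs. query call sites in a PHP tree.

# Count occurrences of extended regex $2 in all *.php files under $1.
count_matches() {
    grep -REho --include='*.php' -e "$2" "$1" | wc -l | tr -d ' '
}

# Heuristic: functions defined at or before a mysql_real_escape_string() call in the same file.
find_wrappers() {
    find "$1" -name '*.php' -print0 | xargs -0 awk '
        FNR == 1 { fn = "" }
        match($0, /function[ \t]+[A-Za-z_][A-Za-z0-9_]*/) {
            fn = substr($0, RSTART, RLENGTH); sub(/^function[ \t]+/, "", fn)
        }
        /mysql_real_escape_string[ \t]*\(/ && fn != "" { print fn }
    ' | sort -u
}

audit_escaping() {
    local dir=$1 direct queries wrappers w all defs calls=0
    direct=$(count_matches "$dir" 'mysql_real_escape_string[[:space:]]*\(')
    queries=$(count_matches "$dir" 'mysql_(unbuffered_)?query[[:space:]]*\(')
    wrappers=$(find_wrappers "$dir")
    for w in $wrappers; do
        all=$(count_matches "$dir" "(^|[^A-Za-z0-9_])${w}[[:space:]]*\\(")
        defs=$(count_matches "$dir" "function[[:space:]]+${w}[[:space:]]*\\(")
        calls=$((calls + all - defs))   # call sites only, not the definition
    done
    wrappers=$(echo ${wrappers:-none} | tr ' ' ',')
    echo "escape_calls=$direct query_calls=$queries wrappers=$wrappers wrapper_calls=$calls"
}

# Constructed sample tree (not from the code base in the post).
make_sample_tree() {
    local d; d=$(mktemp -d)
    cat > "$d/a.php" <<'EOF'
<?php
function esc($v) { return mysql_real_escape_string($v); }
$r = mysql_query("SELECT * FROM users WHERE name = '" . esc($_GET['name']) . "'");
$r = mysql_query("SELECT * FROM posts WHERE id = " . $_GET['id']);
EOF
    cat > "$d/b.php" <<'EOF'
<?php
mysql_query("DELETE FROM posts WHERE slug = '" . mysql_real_escape_string($_POST['slug']) . "'");
mysql_query("UPDATE hits SET n = n + 1 WHERE page = '" . esc($_GET['p']) . "'");
EOF
    echo "$d"
}
audit_escaping "${1:-$(make_sample_tree)}"
```

If escape_calls plus wrapper_calls still falls well short of query_calls, the difference is the set of queries to review by hand for concatenated input.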
I use mysql_real_escape_string() in every line of code I write. In fact it’s the only code I use. As Bill Gates (probably) said, “if you can’t do it with mysql_real_escape_string(), it ain’t worth doing!”