The correct way to avoid SQL injection attacks, no matter which database you use, is to separate the data from SQL, so that data stays data and will never be interpreted as commands by the SQL parser.

1) How to create database connection and query in PHP? mysqli_query() PDO::_query()

Controller file   function import()     {         $filename = $_FILES["file"]["tmp_name"];         if ($_FILES['file']['size'] > 0) {             $file              = fopen($filename, "r");             $is_header_removed = FALSE;             while (($importdata = fgetcsv($file, 1000…

public function register_user()     {                 if ($this->input->post()) {             $this->form_validation->set_rules('first_name', 'First Name', 'required|is_unique[user.first_name]');             $this->form_validation->set_rules('last_name', 'Last Name', 'r…

<?php      $conn = new mysqli('localhost', 'root', '');          mysqli_select_db($conn, 'dixit-test');          $sql = "SELECT * FROM `test-table`";          $setRec = mysqli_query($conn, $sql);          $columnHeader = '';          $columnHeader = "User Id" . "\t…