why we use mysqli_real_escape_string with prepare statement code example
Example: mysqli_real_escape_string use with ajax
jQuery(document).ready(function($){
$("#error").hide();
$("#sent-form-msg").hide();
$("#contactForm #submit").click(function() {
$("#error").hide();
var name = $("input#name").val();
if(name == ""){
$("#error").fadeIn().text("Name required.");
$("input#name").focus();
return false;
}
var email = $("input#email").val();
if(email == ""){
$("#error").fadeIn().text("Email required");
$("input#email").focus();
return false;
}
var contact_no = $("input#contact_no").val();
if(contact_no == ""){
$("#error").fadeIn().text("Contact number required");
$("input#contact_no").focus();
return false;
}
var comments = $("#comments").val();
var dataString = 'name='+ name
+ '&email=' + email
+ '&contact_no=' + contact_no
+ '&comments=' + comments
$.ajax({
type:"POST",
data: dataString,
success: success()
});
});
function success(){
$("#sent-form-msg").fadeIn();
$("#contactForm").fadeOut();
}
return false;
});