Why mysql_real_escape_string() isn't enough to stop SQL injection attacks!
We have all been there writing PHP code and trusting mysql_real_escape_string().
Alas it seems it is not enough, let us look at the example below ;
$id = “0; DELETE FROM users”