In old mysql() code, to escape a string, I did this:
t.TeacherUsername = '".mysql_real_escape_string($teacherusername)."'
I am changing my code to mysqli, but what I want to know for sure and to be safe, to escape a string in mysqli is it like this below:
t.TeacherUsername = '".mysqli_real_escape_string($teacherusername)."'
Also to connect to mysqli database is it like this below:
$username="xxx";
$password="xxx";
$database="xxx";
mysqli_connect('localhost',$username,$password);
mysqli_select_db($database) or die( "Unable to select database");
All I have done is change mysql to mysqli, is that correct?
UPDATE:
Is this now the correct way to connect to database using mysqli:
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database);
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}