mysqli_real_escape_string()
$DBconnection=mysqli_connect("localhost","username","password","dbname"); $productName = mysqli_real_escape_string($con, $_POST['proname']); $ProductType = mysqli_real_escape_string($con, $_POST['protype']);
