thank you larry
$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));
this is the code , when i input last name like : larry'] or larry" , is register in database with ' and " .
hello larry !
i learn your book 4,
in ensuring Secure SQL chapter i write like your example but the mysqli_real_escape_string is not working i do everything like you connecto to database with require ('include/mysqli_connect.php'); // Connect to theand i input name like kali' and i input like fister"-* . but i find him in localhost like this name and i print him in view user i find him like i write .