Using these functions makes your site less vulnerable to SQL injection attacks, where an attacker puts SQL syntax into a form field to compromise your site. mysqli_real_escape_string() “escapes” special characters so that MySQL interprets them as literal string characters rather than operators in the query.
These functions only affect characters that are important to SQL commands, and will not affect legitimate input, while foiling nefarious users.
1
solved Why we should use the mysqli_real_escape_string() and the stripslashes() functions in a login and register php files