Are there any specific PHP functions or methods that should be used to sanitize user input before using it in a query?

When dealing with user input in PHP, it is crucial to sanitize the data before using it in a query to prevent SQL injection attacks. One common method to sanitize user input is using the `mysqli_real_escape_string()` function to escape special characters in a string. Another approach is to use prepared statements with placeholders to bind parameters to the query, which automatically handles escaping.

// Using mysqli_real_escape_string() to sanitize user input
$user_input = mysqli_real_escape_string($connection, $_POST['user_input']);
$query = "SELECT * FROM table WHERE column = '$user_input'";
$result = mysqli_query($connection, $query);

// Using prepared statements to sanitize user input
$user_input = $_POST['user_input'];
$query = "SELECT * FROM table WHERE column = ?";
$stmt = $connection->prepare($query);
$stmt->bind_param("s", $user_input);
$stmt->execute();
$result = $stmt->get_result();