In what scenarios is it necessary to escape text data retrieved from a database before using it in subsequent queries, and why is this important for security?

When retrieving text data from a database and using it in subsequent queries, it is necessary to escape the data to prevent SQL injection attacks. This is important for security because without escaping, malicious SQL code can be injected into the query, leading to unauthorized access, data manipulation, or deletion.

// Retrieve text data from the database
$textData = $row['text_data'];

// Escape the text data before using it in a query
$escapedTextData = mysqli_real_escape_string($connection, $textData);

// Use the escaped text data in a subsequent query
$query = "SELECT * FROM table WHERE column = '$escapedTextData'";
$result = mysqli_query($connection, $query);