What is the role of mysql_real_escape_string() in preventing SQL Injections in PHP?
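mysql_real_escape_string() is a PHP function that helps prevent SQL injection attacks by escaping special characters in a string before it is sent to a MySQL database. The escaped value is safe only when it is placed inside a quoted string literal in the query and the connection character set has been declared correctly; escaping does not protect values used unquoted, such as numbers or identifiers. The function belongs to the original mysql extension, which was deprecated in PHP 5.5 and removed in PHP 7.0. With the mysqli extension the equivalent is mysqli_real_escape_string(), and prepared statements are the preferred defense.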
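// Assuming $conn is a mysqli connection object whose charset was set with mysqli_set_charset()
$user_input = $_POST['user_input'] ?? '';
// mysql_real_escape_string() cannot be mixed with a mysqli connection (and is gone in PHP 7+);
// the mysqli equivalent takes the connection as its first argument
$escaped_input = mysqli_real_escape_string($conn, $user_input);
// The escaped value must stay inside the single quotes for the escaping to be effective
$sql = "SELECT * FROM users WHERE username = '$escaped_input'";
$result = mysqli_query($conn, $sql);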
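
The same lookup written with a mysqli prepared statement, together with the numeric case that escaping does not cover. This is an added example, not code from the original page; the connection parameters, the function names and the id column are assumptions.

```php
<?php
// Added example. Assumes a MySQL database with a `users` table that has
// `username` (from the query above) and `id` (assumed) columns.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

function open_connection(): mysqli
{
    // Host, credentials and schema name are placeholders.
    $conn = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    // Declare the charset through the API so the client library and the
    // server agree on how the bytes of a value are interpreted.
    $conn->set_charset('utf8mb4');
    return $conn;
}

function find_user_by_name(mysqli $conn, string $username): array
{
    // The ? placeholder keeps the value out of the SQL text, so no
    // escaping or quoting is needed.
    $stmt = $conn->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

function find_user_by_id(mysqli $conn, string $raw_id): array
{
    // Numeric context: an unquoted value gains nothing from string
    // escaping, so validate the type first and bind it as an integer.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $conn->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$conn = open_connection();
$by_name = find_user_by_name($conn, $_POST['user_input'] ?? '');
$by_id = find_user_by_id($conn, $_POST['user_id'] ?? '');
```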