Why is it important to use mysql_real_escape_string or PDO for data sanitization in PHP?

It is important to use mysql_real_escape_string or PDO for data sanitization in PHP to prevent SQL injection attacks. These functions help escape special characters in user input before sending it to the database, ensuring that malicious SQL queries cannot be executed.

// Using PDO for data sanitization
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'username', 'password');

$user_input = $_POST['user_input'];
$statement = $pdo->prepare("INSERT INTO my_table (column_name) VALUES (:user_input)");
$statement->bindParam(':user_input', $user_input);
$statement->execute();