I am a pen tester and I am searching for some way to bypass mysql_real_escape. Do you have some solution?
Using prepared statements separates the data from the command, so there is no longer any need to escape the data to prevent it getting confused with the command.
Where there might be a 0.0001% chance that someone can find a way to get their code past mysql_real_escape so as to update the command, there is no way whatever for them to do it when you use prepared statements.
After all, mysql_real_escape is intended for use when the data legitimately can contain values that could be confused with the command; your validation should prevent any attacks even getting that far through the code.
Don't worry about whether real escape is vulnerable; use prepared statements and bound variables instead.
mysql_real_escape_string() is great for preventing injections, but IMHO using prepared statements and bound variables is the way to go.
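The prepared-statement approach the replies recommend, as an added example that is not code from anyone in this thread. It assumes a MySQL database reachable over PDO with a hypothetical `users` table holding `id`, `username` and `email` columns; the DSN, credentials and schema are placeholders.

```php
<?php
// Added example (not from the thread): parameterised queries with PDO so the
// value never becomes part of the SQL text and there is nothing to escape.
declare(strict_types=1);

function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Use real server-side prepares rather than client-side interpolation,
        // so data is transmitted separately from the command.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// String parameter: the SQL text is fixed at prepare time and the value is
// bound afterwards, so quotes inside $name are plain data.
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Numeric parameter: bound with an explicit type, so the value is never
// spliced into the query text at all.
function findUserById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Placeholder DSN and credentials; charset=utf8mb4 keeps client and server
// encoding in agreement for the connection.
$db = connect('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password');

// The apostrophe is ordinary data here, no escaping call required.
var_dump(findUserByName($db, "O'Brien"));
var_dump(findUserById($db, 42));
```

Validate input before it reaches the query as the replies suggest; binding handles the SQL boundary, not the application's own rules about what a username may contain.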