Using php filter_var with mysql_real_escape_string

Question

I would like to start my question by saying, I realize PDO/mysqli is the new standard and has been widely covered on SO. However in this particular case I dont have time to conv

Answer 1

Using both is fine, but what you should really be doing is not to use mysql_ at all. You should instead use PDO or mysqli_ with prepared statements to avoid SQL injection.

See How can I prevent SQL injection in PHP?

Or for a guide of how to switch to MySQLi the see Can I blindly replace all mysql_ functions with mysqli_?