What characters are NOT escaped with a mysqli prepared statement?

Question

I\'m trying to harden some of my PHP code and use mysqli prepared statements to better validate user input and prevent injection attacks.

I switched away from mysql

Answer 1

It is one who is using LIKE to match a username to blame, not escaping function.

And, just for your info: native prepared statements do not escape anything.