You can use prepared statements with mysqli.
And there's also a function to store large (blob) data that the "old" mysql extension has not.
// php-mysql: no oo-interface
$mysqli = new mysqli('localhost', 'localonly', 'localonly');
if ($mysqli->connect_error) {
die($mysqli->connect_error);
}
// php-mysql: no prepared statements
$stmt = $mysqli->prepare("INSERT INTO foo (mydata) VALUES (?)");
$stmt->bind_param("b", $null);
// php-mysql: no function to send data in chunks
$fp = fopen("php://input", "r");
while (!feof($fp)) {
$chunk = fread($fp, 4096);
$stmt->send_long_data(0, $chunk);
}
$stmt->execute();