Escaping for SQL

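// Escape $name for use inside a quoted SQL string literal.
// mysqli_real_escape_string() takes the connection first and the string
// second; with the arguments swapped the call fails instead of escaping.
// The escaping follows the character set of the current connection, so set
// that character set with mysqli_set_charset() (not a "SET NAMES" query)
// before this call, or the escaping may not match how the server reads the bytes.
$name_escaped = mysqli_real_escape_string($connection, $name);

// The escaped value is only safe between quotes, as it is used here. Escaping
// does not protect an unquoted numeric value, an identifier or a keyword.
// Where the code allows it, a prepared statement with a bound parameter
// (mysqli_prepare() / mysqli_stmt_bind_param()) avoids building the query
// from strings at all.
$query = 'SELECT `id`, `name` from `users` WHERE `name` = \'' . $name_escaped . '\'';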