Why is using a mysql prepared statement more secure than using the common escape functions?
There's a comment in another question that says the following:
"When it comes to database queries, always try and use prepared parameterised queries. The mysqli and PDO libraries support this. This is infinitely safer than using escaping functions such as mysql_real_escape_string."
So, what i want to ask is: Why are prepared parameterized queries more secure?