Here is a simple function that 100% sanitizes user input, removes all security risks, and makes the user input ready for use with MySQL.
This function may be overkill, as the first line of code, $data = filter_var($data, FILTER_SANITIZE_STRING),
does the trick, but when it comes to user input, overkill is good and underkill is something you will forever regret!
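The note's own function is not reproduced on this page. The following is an added example, not the note author's code, written to show the caveat a practitioner would want here: filter_var() can normalise a string, but it is not what protects a MySQL query. Two facts to keep in mind: FILTER_SANITIZE_STRING has been deprecated since PHP 8.1, and only a prepared statement with bound parameters stops a quote in the input from becoming SQL syntax. The table and column names, the connection details and the mysqli extension are assumptions for illustration.

```php
<?php
// Added example, not the note's own function. Requires PHP >= 8.1 with the
// mysqli extension; the "users" table and its columns are assumed for
// illustration only.

declare(strict_types=1);

/**
 * Normalise a free-text field before storage: drop NUL bytes, trim, require
 * valid UTF-8 and cap the length. This is input normalisation; it is NOT
 * SQL protection. FILTER_SANITIZE_STRING (deprecated since PHP 8.1) is not
 * used because stripping tags does nothing against quotes in SQL.
 */
function normalizeText(string $data, int $maxLen = 255): string
{
    $data = str_replace("\0", '', $data);
    $data = trim($data);
    if (!mb_check_encoding($data, 'UTF-8')) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    return mb_substr($data, 0, $maxLen, 'UTF-8');
}

/**
 * The unsafe pattern: the query is built by string concatenation. Even after
 * normalizeText(), an input such as  O'Brien' OR '1'='1  rewrites the WHERE
 * clause. Returned as a string for contrast only; never execute this.
 */
function buildQueryUnsafe(string $name): string
{
    $name = normalizeText($name);
    return "SELECT id, name FROM users WHERE name = '" . $name . "'";
}

/**
 * The safe pattern: the SQL text is fixed and the value is bound separately,
 * so the database never parses user data as part of the statement.
 */
function findUserSafe(mysqli $db, string $name): array
{
    $name = normalizeText($name);
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

/**
 * Output is a separate context: escape on the way into HTML, not on the way
 * into the database, so the stored value stays exactly what the user typed.
 */
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage (connection details are placeholders):
// $db = new mysqli('localhost', 'app', 'secret', 'appdb');
// $db->set_charset('utf8mb4');
// echo buildQueryUnsafe("O'Brien' OR '1'='1"), "\n"; // shows the broken query
// foreach (findUserSafe($db, $_POST['name'] ?? '') as $row) {
//     echo renderName($row['name']), "\n";
// }
```

The division of labour is the point: normalizeText() decides what the application is willing to store, the prepared statement decides how the value reaches MySQL, and htmlspecialchars() decides how it reaches the browser. No single "sanitize everything" function can cover all three, because each context has its own metacharacters.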