Wh
What do you mean with prepared statements?
btw...
-- this is wrong way
$string = mysql_real_escape_string($string);
$string = stripslashes($string);
$string = strip_tags($string);
-- this is safe way
$string = stripslashes($string); // Keep your usernames clean
$string = strip_tags($string); // Kill all tags like html tags, etc..
$string = mysql_real_escape_string($string); // Anti-injection