Thank you for replying
and thak for referting its deprecated
but where i work they dont want to change for now
which i know its a security risk and
and its has no parameterized quereies.
So at the end cant use PDO or SQLi
so the only think left is to check every user input for sql quereies :(