I've been looking to secure a site that has many queries involved. I've known about mysql_real_escape_string for a while, but recently I ran across prepared statements. I had a few questions about them.
Is it a good idea to use both? Is this overkill?
When should I use one but not the other?
Are there any other protective coding techniques I should look into for my queries and variables?
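As an added illustration (not part of the original post), here are the two approaches side by side in PHP's mysqli API, plus the one case that neither escaping nor a prepared statement covers; the `users` table, its columns, and the connection details are assumed.

```php
<?php
// Added example, not code from the original post. Assumes a hypothetical
// `users` table with `id`, `email` and `created_at` columns.

// Escaping: the value is spliced into the SQL text, so it is only safe when
// the escaped result is placed inside quotes and the connection charset is set.
function findByEmailEscaped(mysqli $db, string $email): ?array
{
    $safe = $db->real_escape_string($email);   // mysqli counterpart of mysql_real_escape_string
    $sql  = "SELECT id, email FROM users WHERE email = '$safe'";
    $res  = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Prepared statement: the value is sent separately from the SQL text, so it can
// never change the query's structure and no escaping is needed at all.
function findByEmailPrepared(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare("SELECT id, email FROM users WHERE email = ?");
    $stmt->bind_param('s', $email);            // 's' binds a string value
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Placeholders only stand in for values, not identifiers. A column name used in
// ORDER BY cannot be bound or escaped, so it is checked against a fixed list.
function listUsersSorted(mysqli $db, string $sortBy, int $limit): array
{
    $allowed = ['id' => 'id', 'email' => 'email', 'created' => 'created_at'];
    $col  = $allowed[$sortBy] ?? 'id';         // unknown input falls back to a safe default
    $stmt = $db->prepare("SELECT id, email FROM users ORDER BY $col LIMIT ?");
    $stmt->bind_param('i', $limit);            // 'i' binds an integer, so LIMIT needs no quoting
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$db = new mysqli('localhost', 'app_user', 'placeholder-password', 'appdb');
$db->set_charset('utf8mb4');  // escaping is charset-aware; set it on the connection, not via a query
var_dump(findByEmailPrepared($db, "o'brien@example.com"));   // the quote is plain data here
var_dump(findByEmailEscaped($db, "o'brien@example.com"));    // the quote is escaped, same result
var_dump(listUsersSorted($db, 'created', 20));
```

Using both on the same value is harmless but redundant: once a value is bound to a placeholder, escaping it first only stores a literal backslash in the database.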