SQL с использованием подготовленных операторов
$sql = "INSERT INTO Users (first_name, last_name, email) VALUES (?, ?, ?)";
mysqli_stmt_bind_param($sql, "sss", $first_name, $last_name, $email);
$first_name = "Harry";
$last_name = "Potter";
$email = "harrypotter@mail.com";
mysqli_stmt_execute($stmt);
SAMER SAEID