I am using PHP Prepared Statements mysqli but i can't find below code
Posting as a community wiki. I don't want rep for this.
There's no point in using both
mysqli_real_escape_string() and a prepared statement.
It's one or the other.
Read the manual on using a MySQLi_ prepared statement:
Yet... you can use both, just not both together for the same instance.