Originally I used mysql_connect and mysql_query to do things. Then I learned of SQL injection, so I am trying to learn how to use prepared statemen
mysql_* has already been deprecated, so it is better to switch to mysqli_* or PDO.
To prevent SQL injection (MySQL), see: How can I prevent SQL injection in PHP?
And use prepared statements (these are SQL statements that are sent to and parsed by the database server separately from any parameters) on all of your user-generated query data.
For example, when data is posted and you match or fetch records from the DB with a query, that is, whenever you fire a query with form data.