I've read that it's enough and even recommended to escape characters on the output, not on the input.
It could be easily applied to all get variables as they are n
I use mysqli_real_escape_string and preg_replace:
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$password = mysqli_real_escape_string($dbc, trim($_POST['password']));
$domain = preg_replace('/^[a-zA-Z0-9][a-zA-Z0-9\._\-&!?=#]*@/', '', $email);
Also, here is a link to a similar post regarding PDO escaping: "Escape arguments for PDO statements?"