User inputs, clean and sanitize before sending to db

Question

I\'ve searched a lot of the questions here and I found that they either very old or suggesting using prepared statements PDO which I am not

Answer 1

Your code looks fine, if you don't want to prepare statements then escaping is the next best thing. And when you echo it should be straightforward, it's only plain text.