php - How to upgrade from mysql_* to mysqli_*? -

i'm using deprecated code data users, follows:

/* retrieve */ $lastname = $_post['lastname'];  $firstname = $_post['firstname'];  $examlevel=$_post['level'];  /* connect */ $dbc=mysql_connect("localhost", "user", "passw") or die('error connecting mysql server'); mysql_select_db("db") or die('error selecting database.');  /* sanitize */ $lastname=mysql_real_escape_string($lastname); $firstname=mysql_real_escape_string($firstname);  $examlevel=mysql_real_escape_string($examlevel);   /* insert */ $query_personal = "insert personal (lastname, firstname) values  ('$lastname', '$firstname')";  $query_exam = "insert exam (level, centre, backupcentre, etc.) values ('$examlevel', '$centre', '$backup', 'etc')"; 

this working keep coming across warnings security , lack of support. there's small rewrite connect mysqli instead of mysql mysqli_real_escape_string? i've seen used in examples i've seen advice use prepared statements instead don't use mysqli_real_escape_string.

and how use prepared statements insert data? i'm bit @ sea bit far. example, parameter binding inserts , result binding selects?

convert pdo

/* connect */ $dsn = "mysql:host=localhost;db=test;charset=utf8"; $opt = array(     pdo::attr_errmode            => pdo::errmode_exception,     pdo::attr_default_fetch_mode => pdo::fetch_assoc ); $pdo = new pdo($dsn,"user", "passw", $opt);   /* insert */ $query = "insert personal (lastname, firstname) values  (?, ?)"; $stmt  = $pdo->prepare($query); $stmt->execute(array($_post['lastname'],$_post['firstname']));  $query = "insert exam (level, centre, backupcentre, etc) values (?, ?, ?, 'etc')"; $stmt  = $pdo->prepare($query); $stmt->execute(array($_post['level'], $centre, $backup));