diff --git a/admin/index.php b/admin/index.php
index 428756e..0556a54 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -39,7 +39,7 @@ if (isset($_POST["txt"]) && isset($_POST["tim"])) {
 include "../connect.php";
 
 $mysql_table = MYSQL_TABLE;
-$qry = "INSERT INTO `$mysql_table` (`id`, `txt`, `tim`) VALUES (NULL, '".mysqli_escape_string(nl2br($txt.$extrl))."', '".mysqli_escape_string($tim)."')";
+$qry = "INSERT INTO `$mysql_table` (`id`, `txt`, `tim`) VALUES (NULL, '".mysqli_real_escape_string(nl2br($txt.$extrl))."', '".mysqli_real_escape_string($tim)."')";
 $result = mysqli_query($db, $qry);
 
 if (!$result) {
diff --git a/detail.php b/detail.php
index b2b170d..cefd53d 100644
--- a/detail.php
+++ b/detail.php
@@ -5,7 +5,7 @@ include 'checklogin.php';
 include "connect.php";
 
 $mysql_table = MYSQL_TABLE;
-$qry="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_escape_string($_GET["id"])."'";
+$qry="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
 $result=mysqli_query($db, $qry);
 if($result) {
     if(mysqli_num_rows($result) == 1) {
diff --git a/get.php b/get.php
index 4255d63..0486056 100644
--- a/get.php
+++ b/get.php
@@ -5,7 +5,7 @@ include 'checklogin.php';
 include "connect.php";
 
 $mysql_table = MYSQL_TABLE;
-$qry="SELECT * FROM `$mysql_table` ORDER BY  `$mysql_table`.`id` ASC LIMIT ".mysqli_escape_string($_GET["lastid"])." , 1000";
+$qry="SELECT * FROM `$mysql_table` ORDER BY  `$mysql_table`.`id` ASC LIMIT ".mysqli_real_escape_string($_GET["lastid"])." , 1000";
 $result=mysqli_query($db, $qry);
 $newlastid=$_GET["lastid"];
 $jspo=array();
diff --git a/like.php b/like.php
index 4bf7e5c..231a466 100644
--- a/like.php
+++ b/like.php
@@ -8,7 +8,7 @@ $stars=0;
 $starred="";
 
 $mysql_table = MYSQL_TABLE;
-$qrya="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_escape_string($_GET["id"])."'";
+$qrya="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
 $resulta=mysqli_query($db, $qrya);
 if($resulta) {
     if(mysqli_num_rows($resulta) == 1) {
@@ -20,7 +20,7 @@ if($resulta) {
 $stars=$stars+1;
 
 if (isset($_GET["plusone"])) {
-	$qryb="UPDATE `$mysql_table` SET `pluses`='".($stars)."' WHERE `id`='".mysqli_escape_string($_GET["id"])."'";
+	$qryb="UPDATE `$mysql_table` SET `pluses`='".($stars)."' WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
 	$resultb=mysqli_query($db, $qryb);
 	if($resultb) {
 		$starred="Thanks for a ★! ";